Law Enforcement, Civil Society Representatives Clash Over 'Crypto Wars' 2.0

March 13, 2015

Washington – This week was a busy one for in the tech policy space, especially when it came to discussions of privacy and security.  Yesterday there were two events with identical topics: the modern day revival of the “Crypto Wars” of 1990s.
The new Crypto Wars have developed out of recent remarks by a raft of government officials in the U.S. and abroad, beginning with FBI Director James Comey, but echoed by David Cameron, the Prime Minister of the United Kingdom, and Admiral Mike Rogers, the Director of the NSA.  They call for a “conversation” about the widespread availability of secure, consumer-protective communications services because of the potential difficulty they cause governments in accessing private communications, and the adoption of legal requirements that would provide governments with a back door or “golden key” into encryption technologies.  These remarks were largely spurred by the implementation of default strong device encryption by Google and Apple on the latest versions of their smartphone operating systems, which the companies are not able to bypass.
The events held by the Congressional Internet Caucus and ITIF yesterday were designed to foster that conversation between government and law enforcement officials and members of civil society and the tech industry.  On the government side, ITIF’s event featured Michael Daniel, the White House Cyber Czar, while the Net Caucus panel included David Bitkower of the Department of Justice.  Both panels shared Amie Stepanovich, Policy Counsel at Access, along with varying representatives of tech companies, lawyers, and academics.
The primary point of representatives of the law enforcement and intelligence communities seemed to be that, prior to any discussions about the practical feasibility or desirability of government access to secure communications systems and devices, society should have a policy discussion about whether strong, user-controlled encryption and backdoor-free communications should be available or widespread.
Michael Daniel mentioned that strong cybersecurity protections are important for individuals and industry.  However, the prevailing government position remains that after weighing the tradeoffs, society should ultimately still come away with the determination that there should be requirements for either backdoors or compelled provider-aided access to electronic data or communications.  They argue that the fear of “going dark” with respect to communications and other digital evidence for crimes ranging from child pornography to potential terrorism is already sufficient to outweigh the broad-based benefits of increased cybersecurity for citizens, consumers, and the global economy.
Of course, the tech industry and civil society representatives demurred.  Three key points stood out, one of which directly countered the law enforcement premise that a policy discussion must precede a technical one.  First, security advocates argued that strong encryption and secure communications systems are tools that the public should have the choice to use, absent pressure from law enforcement.  In the face of increased trespass from hackers, identity thieves, stalkers — and indeed, the government — individuals demand more control over who can access their information, and when.  Strong, backdoor-free encryption is one of the tools that they should be able to employ to protect themselves and increase the marginal cost of indiscriminate intelligence-gathering in a “golden age of surveillance.”
The encryption advocates also noted that a policy discussion premised on manipulating technology to allow for different levels of potential government access pursuant to lawful process should account for the technical feasibility of such backdoors or shared keys.  There is also broad consensus among technologists that allegedly secure backdoors for lawful government use in complex systems rarely remain secure and instead become means for unlawful access by criminals or others inclined to misuse such access.  These risks are not just theory — backdoors intended for merely permissible uses have regularly been breached to the public’s detriment in the past.
Lastly, the tech and civil society representatives pointed out that the imposition of backdoors or managed government access is not a conversation limited to domestic policymakers and law enforcement.  The statements made by Administration officials have been mirrored by legal requirements for backdoors in tech products and source code disclosure in China, along with interference with encrypted VPN services used by journalists and activists.  The government’s attempts to advocate for backdoors in the U.S., while simultaneously arguing that they stifle free expression and serve as transparent barriers to trade abroad, demonstrates an impressive, though untenable, cognitive dissonance.

Related Articles

Study Offers Reasons Why Government Technology and Procurement Practices Needs to Change

Nov 15, 2021

Washington — A study by market research firm Omdia released Monday explores reasons why most government departments rely on just one vendor for productivity software and why IT departments are choosing to select ease of management and end user familiarity with the tools at the expense of developing a best of breed approach that would…

Senate Commerce Hearing On Privacy; CCIA Welcomes Push To Fund FTC, Pass Privacy Legislation

Sep 29, 2021

Washington — The Senate Commerce Committee held a hearing today on consumer privacy with Chairwoman Maria Cantwell focusing on the need to pass baseline federal privacy and to ensure the FTC has adequate resources to address privacy. Ahead of the hearing, the Computer & Communications Industry Association sent a letter to committee leaders expressing appreciation…

CCIA Whitepaper Identifies National Security Risks Posed By House Bills Targeting U.S. Tech Companies

Sep 13, 2021

Washington — The Computer & Communications Industry Association has released a white paper on the national security implications of several House-passed bills aimed at a handful of U.S. tech companies as they compete with foreign companies. These bills were introduced in June 2021 and were marked up without legislative hearings or input from stakeholders, particularly…