Law Enforcement, Civil Society Representatives Clash Over ‘Crypto Wars’ 2.0

BY CCIA Staff
March 13, 2015

Washington – This week was a busy one for in the tech policy space, especially when it came to discussions of privacy and security.  Yesterday there were two events with identical topics: the modern day revival of the “Crypto Wars” of 1990s.

The new Crypto Wars have developed out of recent remarks by a raft of government officials in the U.S. and abroad, beginning with FBI Director James Comey, but echoed by David Cameron, the Prime Minister of the United Kingdom, and Admiral Mike Rogers, the Director of the NSA.  They call for a “conversation” about the widespread availability of secure, consumer-protective communications services because of the potential difficulty they cause governments in accessing private communications, and the adoption of legal requirements that would provide governments with a back door or “golden key” into encryption technologies.  These remarks were largely spurred by the implementation of default strong device encryption by Google and Apple on the latest versions of their smartphone operating systems, which the companies are not able to bypass.

The events held by the Congressional Internet Caucus and ITIF yesterday were designed to foster that conversation between government and law enforcement officials and members of civil society and the tech industry.  On the government side, ITIF’s event featured Michael Daniel, the White House Cyber Czar, while the Net Caucus panel included David Bitkower of the Department of Justice.  Both panels shared Amie Stepanovich, Policy Counsel at Access, along with varying representatives of tech companies, lawyers, and academics.

The primary point of representatives of the law enforcement and intelligence communities seemed to be that, prior to any discussions about the practical feasibility or desirability of government access to secure communications systems and devices, society should have a policy discussion about whether strong, user-controlled encryption and backdoor-free communications should be available or widespread.

Michael Daniel mentioned that strong cybersecurity protections are important for individuals and industry.  However, the prevailing government position remains that after weighing the tradeoffs, society should ultimately still come away with the determination that there should be requirements for either backdoors or compelled provider-aided access to electronic data or communications.  They argue that the fear of “going dark” with respect to communications and other digital evidence for crimes ranging from child pornography to potential terrorism is already sufficient to outweigh the broad-based benefits of increased cybersecurity for citizens, consumers, and the global economy.

Of course, the tech industry and civil society representatives demurred.  Three key points stood out, one of which directly countered the law enforcement premise that a policy discussion must precede a technical one.  First, security advocates argued that strong encryption and secure communications systems are tools that the public should have the choice to use, absent pressure from law enforcement.  In the face of increased trespass from hackers, identity thieves, stalkers — and indeed, the government — individuals demand more control over who can access their information, and when.  Strong, backdoor-free encryption is one of the tools that they should be able to employ to protect themselves and increase the marginal cost of indiscriminate intelligence-gathering in a “golden age of surveillance.”

The encryption advocates also noted that a policy discussion premised on manipulating technology to allow for different levels of potential government access pursuant to lawful process should account for the technical feasibility of such backdoors or shared keys.  There is also broad consensus among technologists that allegedly secure backdoors for lawful government use in complex systems rarely remain secure and instead become means for unlawful access by criminals or others inclined to misuse such access.  These risks are not just theory — backdoors intended for merely permissible uses have regularly been breached to the public’s detriment in the past.

Lastly, the tech and civil society representatives pointed out that the imposition of backdoors or managed government access is not a conversation limited to domestic policymakers and law enforcement.  The statements made by Administration officials have been mirrored by legal requirements for backdoors in tech products and source code disclosure in China, along with interference with encrypted VPN services used by journalists and activists.  The government’s attempts to advocate for backdoors in the U.S., while simultaneously arguing that they stifle free expression and serve as transparent barriers to trade abroad, demonstrates an impressive, though untenable, cognitive dissonance.

Related Articles

Industry Groups Urge Protection of Fundamental Principles and Rights in the Digital Services Act

Jul 9, 2021

Brussels, BELGIUM — The Computer & Communications Industry Association (CCIA) today joined other industry organizations in a joint statement asking EU Member States to respect the fundamental principles of the e-Commerce Directive during the negotiations of the Digital Services Act (DSA)  The signatories support an ambitious DSA and its objectives to protect consumers and their…

CCIA Statement on the Enactment of the Colorado Privacy Act

Jul 8, 2021

Washington – Governor Jared Polis has signed the Colorado Privacy Act into law, making Colorado the third U.S. state to enact comprehensive consumer privacy legislation. New rules are set to take effect July 1, 2023. The Computer & Communications Industry Association welcomes Colorado lawmakers’ successful efforts to enact new rights and protections for consumer privacy.…