Law Enforcement, Civil Society Representatives Clash Over ‘Crypto Wars’ 2.0

March 13, 2015

Washington – This week was a busy one for in the tech policy space, especially when it came to discussions of privacy and security.  Yesterday there were two events with identical topics: the modern day revival of the “Crypto Wars” of 1990s.

The new Crypto Wars have developed out of recent remarks by a raft of government officials in the U.S. and abroad, beginning with FBI Director James Comey, but echoed by David Cameron, the Prime Minister of the United Kingdom, and Admiral Mike Rogers, the Director of the NSA.  They call for a “conversation” about the widespread availability of secure, consumer-protective communications services because of the potential difficulty they cause governments in accessing private communications, and the adoption of legal requirements that would provide governments with a back door or “golden key” into encryption technologies.  These remarks were largely spurred by the implementation of default strong device encryption by Google and Apple on the latest versions of their smartphone operating systems, which the companies are not able to bypass.

The events held by the Congressional Internet Caucus and ITIF yesterday were designed to foster that conversation between government and law enforcement officials and members of civil society and the tech industry.  On the government side, ITIF’s event featured Michael Daniel, the White House Cyber Czar, while the Net Caucus panel included David Bitkower of the Department of Justice.  Both panels shared Amie Stepanovich, Policy Counsel at Access, along with varying representatives of tech companies, lawyers, and academics.

The primary point of representatives of the law enforcement and intelligence communities seemed to be that, prior to any discussions about the practical feasibility or desirability of government access to secure communications systems and devices, society should have a policy discussion about whether strong, user-controlled encryption and backdoor-free communications should be available or widespread.

Michael Daniel mentioned that strong cybersecurity protections are important for individuals and industry.  However, the prevailing government position remains that after weighing the tradeoffs, society should ultimately still come away with the determination that there should be requirements for either backdoors or compelled provider-aided access to electronic data or communications.  They argue that the fear of “going dark” with respect to communications and other digital evidence for crimes ranging from child pornography to potential terrorism is already sufficient to outweigh the broad-based benefits of increased cybersecurity for citizens, consumers, and the global economy.

Of course, the tech industry and civil society representatives demurred.  Three key points stood out, one of which directly countered the law enforcement premise that a policy discussion must precede a technical one.  First, security advocates argued that strong encryption and secure communications systems are tools that the public should have the choice to use, absent pressure from law enforcement.  In the face of increased trespass from hackers, identity thieves, stalkers — and indeed, the government — individuals demand more control over who can access their information, and when.  Strong, backdoor-free encryption is one of the tools that they should be able to employ to protect themselves and increase the marginal cost of indiscriminate intelligence-gathering in a “golden age of surveillance.”

The encryption advocates also noted that a policy discussion premised on manipulating technology to allow for different levels of potential government access pursuant to lawful process should account for the technical feasibility of such backdoors or shared keys.  There is also broad consensus among technologists that allegedly secure backdoors for lawful government use in complex systems rarely remain secure and instead become means for unlawful access by criminals or others inclined to misuse such access.  These risks are not just theory — backdoors intended for merely permissible uses have regularly been breached to the public’s detriment in the past.

Lastly, the tech and civil society representatives pointed out that the imposition of backdoors or managed government access is not a conversation limited to domestic policymakers and law enforcement.  The statements made by Administration officials have been mirrored by legal requirements for backdoors in tech products and source code disclosure in China, along with interference with encrypted VPN services used by journalists and activists.  The government’s attempts to advocate for backdoors in the U.S., while simultaneously arguing that they stifle free expression and serve as transparent barriers to trade abroad, demonstrates an impressive, though untenable, cognitive dissonance.

Related Articles

New EU Cybersecurity Rules Should Promote Security Mitigation, Avoid Compliance Red Tape

Dec 16, 2020

Brussels, BELGIUM — The European Commission published today a legislative proposal to update the 2016 Network and Information Security Directive.  The proposal aims to reduce regulatory inconsistencies across the EU’s internal market and it encourages security information sharing to help companies effectively address future cybersecurity risks. But the proposal also suggests that cloud computing providers,…

CCIA Offers European Commission Comments On Data Transfer Method

Dec 11, 2020

CCIA submitted comments to the European Commission on the draft new Standard Contractual Clauses (‘SCC’) to transfer data outside of the EU. CCIA believes this transfer tool will pave the way towards greater legal certainty for most data transfers outside the European Union. However, the tool could still be made more practical for companies to…

CCIA Applauds Senate Commerce Attention To Data Transfer Solutions

Dec 8, 2020

Washington — The Senate Commerce Committee holds its hearing “The Invalidation of the EU-US Privacy Shield and the Future of Transatlantic Data Flows,” Wednesday to examine the economic impact of the suspension of the popular data transfer framework and the U.S. government’s ongoing engagement to negotiate a new transfer system. Thousands of large and small…