Encryption

Inconclusive encryption report straddles ongoing policy debate

Shutterstock image By Pasko Maksim Stock vector ID: 591206291 

A long-awaited report on encryption lays out a framework for governments and technologists to compromise over the problem of law enforcement's access to encrypted communications, but it lacks hard conclusions or recommendations to settle the debate.

In 2015, Congress charged the National Academies of Sciences, Engineering and Medicine with putting together a panel of experts to help break an impasse that has existed between policymakers and technologists for decades.

A Feb. 15 report is the end product of that request. The authors -- experts from law enforcement, cryptography, Silicon Valley and academia -- take pains to meticulously document and represent the different viewpoints and priorities that have driven both sides to a stalemate while pointing out that increasing global reliance on technology will only exacerbate existing tensions.

FBI Director Christopher Wray and Deputy Attorney General Rod Rosenstein have stated that law enforcement agencies have thousands of locked devices relevant to ongoing criminal investigations that they are unable to access. Both have called for tech companies to implement what they call "responsible encryption" measures, but computer scientists and cybersecurity experts argue there is no way to satisfy those demands without also reducing security barriers for hackers and nation states.

In lieu of recommendations, the committee settled on a set of questions designed to provide a framework for possible compromise.

That was by design, according to Fred Cate, who chaired the committee that produced the report. One of the conditions placed upon the committee's work by its funders was that it avoid crafting specific recommendations.

In an emailed response to FCW's questions, Cate acknowledged that restriction was initially frustrating to deal with, but it wound up giving the committee two significant advantages that helped govern the report's overall direction.

"[We] recognized the fact that a longstanding challenge in the encryption debate is that the many sides rarely can agree on the same facts or even the same vocabulary, much less the same conclusions," Cate said. "So, the decision to focus on developing a common set of facts and contexts that the entire membership of this very diverse committee could sign on to … has enormous value and, in fact, represents a necessary step in moving the debate forward."

The immediate reaction to the report's release suggests it may take some time to change minds.

"After over three years of debating the questions articulated in this Framework, it's clear that the only appropriate answer is that no policy that would weaken or limit access to encryption should be adopted," Robyn Greene, policy counsel for New America's Open Technology Initiative, said in a statement.

Congress, Greene continued, should use the questions posed in the report's framework "to move on from the encryption backdoor debate, and finally turn to the critical discussion of how to ensure that law enforcement and the intelligence community can adapt to technology that evolved and is adopted at a rapid pace."

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected