Inconclusive encryption report straddles ongoing policy debate

A long-awaited report on encryption lays out a framework for governments and technologists to compromise over the problem of law enforcement's access to encrypted communications, but it lacks hard conclusions or recommendations to settle the debate.

In 2015, Congress charged the National Academies of Sciences, Engineering and Medicine with putting together a panel of experts to help break an impasse that has existed between policymakers and technologists for decades.

A Feb. 15 report is the end product of that request. The authors -- experts from law enforcement, cryptography, Silicon Valley and academia -- take pains to meticulously document and represent the different viewpoints and priorities that have driven both sides to a stalemate while pointing out that increasing global reliance on technology will only exacerbate existing tensions.

FBI Director Christopher Wray and Deputy Attorney General Rod Rosenstein have stated that law enforcement agencies have thousands of locked devices relevant to ongoing criminal investigations that they are unable to access. Both have called for tech companies to implement what they call "responsible encryption" measures, but computer scientists and cybersecurity experts argue there is no way to satisfy those demands without also reducing security barriers for hackers and nation states.

In lieu of recommendations, the committee settled on a set of questions designed to provide a framework for possible compromise.

That was by design, according to Fred Cate, who chaired the committee that produced the report. One of the conditions placed upon the committee's work by its funders was that it avoid crafting specific recommendations.

In an emailed response to FCW's questions, Cate acknowledged that restriction was initially frustrating to deal with, but it wound up giving the committee two significant advantages that helped govern the report's overall direction.

"[We] recognized the fact that a longstanding challenge in the encryption debate is that the many sides rarely can agree on the same facts or even the same vocabulary, much less the same conclusions," Cate said. "So, the decision to focus on developing a common set of facts and contexts that the entire membership of this very diverse committee could sign on to … has enormous value and, in fact, represents a necessary step in moving the debate forward."

The immediate reaction to the report's release suggests it may take some time to change minds.

"After over three years of debating the questions articulated in this Framework, it's clear that the only appropriate answer is that no policy that would weaken or limit access to encryption should be adopted," Robyn Greene, policy counsel for New America's Open Technology Initiative, said in a statement.

Congress, Greene continued, should use the questions posed in the report's framework "to move on from the encryption backdoor debate, and finally turn to the critical discussion of how to ensure that law enforcement and the intelligence community can adapt to technology that evolved and is adopted at a rapid pace."