An “Encryption Working Group” formed by the House Judiciary Committee and the House Energy and Commerce Committee, which was meant to investigate the impact of encryption on law enforcement and intelligence agencies’ capabilities, found that the issue of encryption making criminals “go dark” has been overblown.
Instead, it found that at best, the challenge for law enforcement seems to be akin to criminals “going spotty.” The report also found that weakening encryption would be against the national interest of protecting hundreds of millions of individuals from criminals trying to obtain their data.
The European Union Agency for Network and Information Security (ENISA), which acts as an advisory agency for member states and organizations on the issue of cyber security, recently came out strongly against backdoors and the weakening of encryption as well. The agency concluded that backdoors or the weakening of encryption would harm both the security of millions of innocent individuals as well as the economy of the European Union.
The recent U.S. House Report seems to largely agree. The report came to four main conclusions.
Weakening Encryption Is Against The National Interest
The Encryption Working Group (EWG) met with representatives of law enforcement and intelligence agencies. The agencies say that encryption has made some data unavailable that was previously available (at least in the era of the Internet and smartphones), but also admitted that encryption is “vital” for national security and securing critical infrastructure and other important assets.
Civil liberties organizations also told the EWG that encryption is essential for privacy, protecting human rights, freedom of speech, and protection against domestic and foreign intrusion.
Companies’ security experts and academics also told the House group that encryption is one of the most important tools they have against a wide array of domestic and foreign threats.
Encryption Is A Global Technology
Law enforcement officials admitted to the EWG that even if Congress passes a law that would require companies to decrypt all the provided encrypted services and products, it wouldn’t necessarily stop bad actors from using encryption. Encryption tools are often free and open source, and there are many other services headquartered outside of the U.S. jurisdiction.
Therefore, encryption backdoors may not only have little effect on stopping criminals from using encryption, but it could also harm the trust in U.S. products and services. It wouldn’t be just U.S. consumers that would lose trust in them, but also other nations.
After Snowden’s revelations, we’ve already seen that some countries have started demanding data to be stored locally so that the U.S. government can’t access it through programs such as PRISM or other secret data requests. If backdoors became national law, chances are this trend would accelerate. The EWG recommended Congress to find alternative solutions to encryption backdoors.
No “One-Size-Fits-All” Solution
The EWG group found that because there are multiple types of encryption, including storage encryption, communications encryption, and end-to-end encryption, and with each having multiple ways of being achieved, there couldn’t be a single backdoor or solution to address all of these cases.
Cooperation Between Companies And Law Enforcement Already Strong
Despite the FBI’s attempt to cast the encryption debate as a war between private companies and the government, the EWG found that companies already cooperate with law enforcement to a large degree. However, local or state law enforcement agencies often don’t have the technical capabilities to take advantage of the data given to them.
The EWG said that law enforcement could make better use of the large volumes of unencrypted data and metadata already offered to them by private companies. However, one law enforcement representative said that using such data is often like “looking for a particular grain of sand on the beach.” This seems to be contrary to the main reasoning for offering mass surveillance to intelligence agencies in the past--“you need the haystack to find the needle.”
Civil liberties groups have often criticized this reasoning as not making sense because mass surveillance would then represent “adding more hay to the stack” and making it harder to find a particular target. The law enforcement representative quoted by the House Encryption Working Group seems to agree with the civil liberties groups here.
Mass surveillance wasn’t the topic of the report, but backdoors would make mass surveillance and abuses of power much easier.
The EWG’s recommendations for the short and medium term seem to involve improving law enforcement’s technical capabilities so that agents know how to make proper use of existing tools and data that’s already available to them.
The group tried to emphasize throughout its report that a fight between law enforcement and private companies is not beneficial to anyone and that ultimately encryption backdoors would harm the national interest and security. Therefore, cooperation around alternative solutions may be needed to move the debate forward.