This has been quite a year for encryption. Encryption has won a few victories. It has taken a few hits. The largest victory of the year, though, came as an early Christmas present. The House Encryption Working Group released a report (the “EWG Report”) this week reaffirming the importance of encryption, arguing in favor of maintaining the status quo.
{mosads} The EWG Report offered four observations. The observations should “provide the foundation for further examination of this issue” in the next Congress. The four observations were:
- Any measure that weakens encryption works against the national interest;
- Encryption technology is a global technology that is widely and increasingly available around the world;
- The variety of stakeholders, technologies, and other factors create different and divergent challenges with respect to encryption and the “going dark” phenomenon, and therefore there is no one-size-fits-all solution to the encryption challenge; and
- Congress should foster cooperation between the law enforcement community and technology companies.
The report should at least pause the debate as to whether Congress should provide law enforcement with encryption backdoors.
Encryption, as a concept, is quite complex. There are two broad categories, for lack of a better term: device encryption and end-to-end encryption. Device encryption secures smartphones, computers, tablets, and other electronic devices. End-to-end encryption secures communications. This latter type of encryption can include secure text messages through apps like Telegram or WhatsApp. It can include secure transactions, such as mobile bank deposits and Internet transactions on Amazon.
In short, encryption is pervasive in the modern age of technology. Encryption is also a necessary component for the success of this age.
Late 2015 and 2016 saw litigation and a number of tragedies where officials blamed encryption for hindering investigations. This includes the November 2015 attack in Paris, the San Bernardino terrorist attack, numerous drug deals, and even murders. Law enforcement agencies in Paris claimed the attackers used WhatsApp and Telegram to communicate with each other, preventing the police from intercepting them.
The FBI in the San Bernardino attack infamously obtained an order from the court compelling Apple to unlock the attacker’s work phone. In Manhattan, the district attorney claims his investigators cannot access over 400 locked iPhones and other Apple devices. There are a number of reports from California to Louisiana where law enforcement cannot access murder victims’ locked smartphones.
Law enforcement agencies on the federal and state level claim encryption prevents them from thoroughly investigating crimes in a phenomenon called “going dark.” Both the House report and other facts bely the claim. For example, of the over 400 locked iOS devices in Manhattan, the district attorney admitted the inability to access the devices prevented prosecution in only 74 cases, which is less than 20 percent for the locked devices and minuscule compared to the over 100,000 cases his office handles per year.
According to the EWG report, the phenomenon is less “going dark” and more “going spotty.” Law enforcement agencies have other means of collecting data from devices, including warrants, or subpoenas, to Apple, Google, Verizon, AT&T, cloud storage and other companies. Law enforcement agencies can still access unencrypted metadata, which may be just as damning or form the necessary probable cause to support a warrant.
The report hints the perceived “going spotty” problem may be solved by better educating law enforcement officials as to their options. Its first “next step,” in fact, is “[e]xploring tools that might help companies clarify what information is already available to law enforcement officers, and under what circumstances.”
The EWG report is a great place for Congress, and states, to start. It signals Congress understands how free and open encryption practices led to innovation the current, robust online-marketplace. It also signals that Congress is unwilling to disturb encryption’s status quo.
Postscript: For those interested, the debate over whether law enforcement agencies should have encryption backdoors is not new. While one could argue the debate began in the 1970s, it came to a head in the early 1990s. In 1993, the White House supported legislation that would have required manufacturers to install “Clipper Chips” in electronic devices. The “Clipper Chip” would have provided law enforcement agencies the ability to intercept otherwise encrypted communications. The arguments against backdoors in the 1990s are still applicable today.
Jonathon Hauenschild, J.D., is a technology policy analyst in Washington, D.C. He is the founder and principle of Franklin Adams & Co., LLC.
The views expressed by Contributors are their own and are not the views of The Hill.