“Encryption and Surveillance: Why the law-enforcement access question will not just go away.”
Communications of the ACM,
Privacy and Security
“Widespread use of sound encryption is our strongest weapon in the fight against intellectual-property theft, identity theft, and many other online crimes.”
Is the increasing use of encryption an impediment in the fight against crime or an essential tool in the defense of personal privacy, intellectual property, and computer security? On the one hand, law-enforcement (LE) agencies complain about “going dark.” On the other hand, computer-security experts warn that forcing law-enforcement access (LEA) features into devices or protocols would impose high costs and create unacceptable risks.
This argument echoes the 1990s “crypto war” about whether strong encryption technology that had been tightly regulated during the Cold War should only have been deregulated if vendors provided “key-escrow” features that prevented criminals from using it with impunity. The opponents of key escrow won that war by convincing the government that key escrow was difficult to implement securely and that foreign competitors of U.S. technology companies could gain an advantage by assuring customers that no third parties would have access to their keys.
Calls for LEA have resurfaced, because, in the wake of the Snowden revelations, technology vendors have been pushing end-to-end encryption protocols deeper into the computing and communications infrastructure; in fact, some products and services are now built so that encryption is automatic and vendors themselves cannot unlock devices or decrypt traffic unless the owner of the device provides the passcode. This can lead to LE agents’ being unable to access cleartext data even when they are fully authorized to do so, or, in more melodramatic terms, to their “going dark”; they have called for vendors to build in LEA featuresa that enable access with an appropriate warrant but without the owner’s passcode.
In this column, I first summarize some of the arguments that have been made for and against LEA and explain why I believe that LEA features should not be mandated at this time. I then argue that the question of whether some form of LEA is technically feasible and socially desirable is unlikely to go away and deserves further study.
About the Author:
Joan Feigenbaum is the Grace Murray Hopper Professor of Computer Science at Yale University, New Haven, CT, USA.