Encryption is an important technical building block for Internet trust. It secures our infrastructure, enables e-commerce, ensures the confidentiality of our data and communications, and much more. Yet, because bad actors can also use encryption to hide their activities, it can present challenges for law enforcement.
How, or even if, law enforcement should gain access to encrypted content has remained a divisive issue for the last twenty years. Yet, even as encryption tools have grown in variety and use, the public debate has become over-simplified into a battle between those for and against encryption. That public debate often fails to address the nuances of the digital-communications and data-storage landscape, or how it has evolved. With both sides largely talking at each other, rather than listening to one another, there has been little headway towards a solution, or set of solutions, that is acceptable to all.
In October of 2017, the Internet Society and Chatham House convened an experts roundtable under the Chatham House Rule to deconstruct the encryption debate. They explored ways to bridge two important societal objectives: the security of infrastructure, devices, data, and communications; and the needs of law enforcement. The roundtable brought together a diverse set of experts with different interests and perspectives, engaging them in an open and frank conversation. They identified key nuances around the use of encryption, along with specific areas where progress can be made. They also divided the problem into manageable pieces, providing a clear set of issues that will require focused future efforts from stakeholders to address.
We are pleased to release our report from the Internet Society-Chatham House Roundtable on Encryption and Lawful Access.
Participants identified an important aspect missing from the public debate – distinguishing between the different types and contexts in which encryption was used. For example, device encryption helps protect data at rest, end-to-end encryption messaging apps secure data and information in transit, while anonymized technologies use encryption to mask the identity of individuals online. Participants observed that law enforcement agencies and intelligence agencies may each seek lawful access under different contexts and for different purposes. For example, law enforcement agencies may be more focused on accessing device encrypted information to aid in prosecution, while intelligence agencies may instead seek to intercept end-to-end encrypted communications to prevent crime or terrorism.
With all this complexity, attempting to tackle encryption and lawful access as a single issue is impossible. Instead, participants concluded that focused and careful discussions are needed around specific issues towards a tailored solution to the larger challenge of encryption and lawful access. In addition, participants saw strengthening cooperation as an important first step toward a productive dialogue. They also saw value in helping law enforcement understand the tools and information they can use which do not weaken encryption.
It will take effort from all stakeholders solve the set of issues around encryption and lawful access that the roundtable identified. Using the outcomes of this roundtable as a starting point, the Internet Society and Chatham House aims to extend this dialogue in 2018 and explore concrete steps toward a societal consensus around encryption.
Please read our report from the Internet Society-Chatham House Roundtable on Encryption and Lawful Access to better understand the issues surrounding lawful access to encrypted content, the challenges, and key areas for improvement.