G2TT
Source type: Paper
Document type: Working paper
Moving the Encryption Policy Conversation Forward
Encryption Working Group
Publication date: 2019-09-10
Publication year: 2019
Language: English
Summary: Strong data encryption thwarts criminals and preserves privacy. At the same time, it complicates law enforcement investigations. A Carnegie working group looks to move the debate forward.
Abstract

Introduction

The encryption of data and communications has long been understood as essential. Strong encryption thwarts criminals and preserves privacy for myriad beneficiaries, from vulnerable populations to businesses to governments. At the same time, encryption has complicated law enforcement investigations, leading to law enforcement calls for lawful access capabilities to be required of encryption technologies.

The 2016 San Bernardino legal dispute between the Federal Bureau of Investigation (FBI) and Apple over access to an encrypted iPhone provided a snapshot of the contentious debate on law enforcement access to encrypted data. Law enforcement initially argued that mobile device1 encryption presented a significant barrier to its efforts to investigate a deadly counterterrorism case. Apple responded that the FBI’s request that it create software to circumvent its encryption raised unacceptable implications for the security of its broader customer base. The ensuing legal showdown left little room for compromise. The dispute ended when the FBI found a way to access the device without Apple’s assistance, so the courts did not resolve the issue.

Since that time, a variety of attempts have been made to move the discussion forward. A report published in February 2018 by the National Academy of Sciences (NAS) enhanced the common understanding of encryption and illuminated the false dichotomy that some have drawn between “security” and “privacy.”2 Security in the context of the encryption debate consists of multiple aspects including national security, public safety, cybersecurity and privacy, and security from hostile or oppressive state actors. The key is determining how to weigh competing security interests. The report therefore presents a framework of essential questions to evaluate plans for lawful access to encrypted data. In addition to the 2018 report, several computer scientists have proposed, albeit with controversy, design approaches they argue would allow access while using a variety of technical and procedural safeguards to minimize the increased risk to cybersecurity and prevent misuse. Finally, some governments have helpfully begun to acknowledge the difficulty of the problem and the downsides of requiring government access.3 A recent article by UK officials, for example, highlights the lack of silver bullet solutions and therefore the need for principled collaboration and compromise.4

At the same time, disclosures of massive data breaches and revelations about the powerful user-tracking abilities of technology companies have underscored the valuable role encryption can play in safeguarding personal data.5 Individuals around the world—from everyday citizens to at-risk groups such as journalists, activists, and marginalized groups fearing persecution—increasingly make use of encryption to protect not just against cyber crime but also unwanted disclosure and monitoring by technology platforms and other actors. The importance of encryption has grown as information technology enables the creation and storage of more and more sensitive personal information. User-controlled encryption is and will be in the future an essential component of delivering on those desires, particularly as individuals become more skeptical of U.S.-based and foreign technology companies that would otherwise have access to sensitive private information. In addition, other countries have taken steps to strengthen data protection, such as the European Union General Data Protection Regulation (GDPR).

The group behind this paper—including former government officials, business representatives, privacy and civil rights advocates, law enforcement experts, and computer scientists—came together believing that more common ground is attainable and that the discussion can be best honed through specific, honest, and open-minded discussion among diverse perspectives. Our goals are:

  1. to engage in and promote a more pragmatic and constructive debate on the benefits and challenges of the increasing use of encryption;
  2. to identify specific areas where greater common ground may be possible; and
  3. to propose potentially more fruitful ways to evaluate the societal impact, including both benefits and risks, of any proposed approaches that address the impasse over law enforcement access to encrypted data.

We should highlight that we approach this issue from the point of view of stakeholders in the United States and discuss our framework for evaluating approaches in the U.S. context with policymakers at the national level as the target audience. The working group has sought not to repeat but rather to expand upon the 2018 NAS study. Although in many cases we reinforce some of the findings of the NAS study, our paper delves more deeply into one particular component of the debate—that on mobile phone encryption—and details a more specific approach to evaluating proposals focusing on law enforcement access to encrypted mobile phones.

We do so for two reasons. First, it is the problem set that is most commonly raised by law enforcement. However, importantly, we also found greater common ground and believe this is the area where a constructive dialogue is likely more achievable than other, even more contentious areas such as encrypted communication.

In this paper, we do not rule out any way forward regarding law enforcement access to encrypted mobile phones, nor do we endorse or propose any specific technical approach or legislation or mandates. Rather, we share what has shaped and emerged from our discussions: a framework for decisionmaking based on our findings about how to productively focus encryption considerations and debate, the core principles to which any proposed approach should adhere, and our approach to identifying and weighing risks through practical threat scenarios. These components have enabled our group to find unanticipated agreement on some points, and we hope they will do the same for the broader debate over law enforcement access and encryption.

Pursuing a More Constructive Dialogue on Encryption and Law Enforcement Access

Many groups have published principles and key considerations related to the debate over law enforcement access to encrypted data. Each has helped advance the discussion by identifying key equities at stake, offering guidance for reaching agreement, or communicating the views of different groups. Rather than repeating or proposing replacing such content, we have set out several guidelines that can motivate better, healthier dialogue and avoid unproductive dead ends.

Avoid Absolutist Positions

All stakeholders should avoid holding absolutist positions; these are unlikely to result in productive dialogue. The focus should be on a careful and specific assessment of risks, benefits, trade-offs, and options. The goal must be to recognize, balance, and align core principles across a broad range of social and organizational interests. The United States and other liberal democratic governments are established, in part, to protect equality under the law as well as individual privacy and liberty. They are responsible for protecting the public safety and national security. They advance the economic interests of businesses and markets and carry out the full scope of a country’s foreign policy. A more constructive debate requires continuing to deliver concurrently on all these promises: not by simply trading one for the other, but by seeking the best possible alignment of interests, as guided by shared principles and values.

Frame the Debate as a Shared Concern

Those who favor broad availability of strong encryption do not dispute that law enforcement is challenged by encrypted communications and devices and that in some instances strong encryption facilitates crime that harms real victims; those who favor lawful access do not dispute that use of strong encryption prevents crime and protects people. Stakeholders should seek out areas of common ground, establish shared interests, and consider and include the perspectives of all relevant stakeholder communities, not just a subset. Groups that are often underrepresented in this debate, including communities of color and low-income communities, bring valuable insights on how encryption policies could affect certain areas, for example, the disparate impacts of law enforcement and the impact on U.S. values of equality, openness, and privacy. Even within our group, we recognize that there are several such stakeholder communities that are not represented. We urge those who build upon our work to continue to expand engagement with these communities.

Recognize That Security Takes Many Forms and Is Intertwined With Privacy and Equity

“Security” can be defined in a variety of ways, such as national security and public safety, cybersecurity and privacy, or security from hostile or oppressive state actors. These interests are all priorities. All parties—including those who typically make rights-based arguments and those who typically make national security–and law enforcement–based arguments—are concerned with thwarting malicious actors, criminals, terrorists, and foreign agents, and investigating and preventing crime and threats to public safety. Encrypted technologies also support and enhance not only the speech and communications of individuals and communities but also the missions and operations of national security and law enforcement. The key is jointly determining how to weigh competing security responsibilities based on factual analysis and better-informed cost/benefit assessments.

Assess the Range of Impacts

Privacy, cybersecurity, public safety, and national security are important, but they are not the sole interests at stake. Economic competitiveness, foreign policy, freedom of expression, civil and human rights, and the need to maintain an open internet are other important and sometimes overlapping interests. U.S. companies do business around the world. In addition, the U.S. economy and national security benefit from the U.S. technology advantage. Careful consideration is therefore warranted of whether any action might accelerate the loss of that advantage, especially in an environment where some nations and populations hold fairly antagonistic sentiments toward U.S. companies and manufacturers.

Attend to International Dynamics

While this paper focuses on the United States, the U.S. debate is not happening in a vacuum; it will affect (and be affected by) choices made in other countries and by non-U.S. technology companies. (Recent papers published by the Encryption Working Group assess the environment in Australia, Brazil, China, Germany, India, and the European Union.6) Any proposed approach should be adaptable beyond a U.S. setting, both to enhance commonality and to reduce the burden of implementation. Policymakers should consider the viability of any proposal in light of users and devices crossing borders. They should further consider that U.S. policies will give legitimacy to replication by other nations, including those with weaker judicial protections and records on human rights. Finally, policies should be considered in light of the effect they will have on U.S. foreign policy interests.

Think Long Term

Given rapidly changing technology and governmental needs, a long-term perspective is essential. Governments should account for technological change and recognize that needs will change over time. Industry, for its part, will innovate over time and in response to governance. Questions including how encryption is likely to be deployed over time (based on evolving market trends, customer demand, and engineering realities) are important to consider, as is the continued rapid growth of digital data collection and storage.7 Recent papers published by the Encryption Working Group, for example, examine the impact of quantum computing and likely future adoption of user-controlled encryption.8

Accept Imperfection

No approach will address every concern perfectly. Stakeholders must accept that some level of risk is inherent in any future path. Cybersecurity advocates should not dismiss out of hand the possibility of some level of increased security risk, just as law enforcement advocates should accept that they may not be able to access all of the data they seek. More conversations are needed to identify a reasonable standard of expectation in these areas, and whether precedents and existing standards (for example, those in the Electronic Communications Privacy Act, Wiretap Act, Foreign Intelligence Surveillance Act, or Fourth and Fifth Amendment jurisprudence) offer any guidance.

Separate the Debate Into Component Parts

It is probably impossible to establish a single approach that applies to each of the diverse applications of encryption in society. Stakeholders, technologies, processes, policies, and regulatory environments are very different when it comes to protecting data in the cloud, data in motion, and data on devices. Proposals that attempt to solve every issue are unlikely to succeed. The more constructive discussions will be those that examine one part at a time. Some components, as described in the next section, are more worthy of pursuit than others.

Place the Issue of Encryption Into the Broader Context of Law Enforcement Capabilities

Encryption has taken a central role in much of the public debate, but other policies and practices also affect law enforcement’s ability to obtain data sought for investigations.9 These include accessing data in the cloud and on internet-of-things devices, use of communications metadata, law enforcement hacking, obtaining timely and full compliance with court orders and other legal process in situations not involving encryption, as well as such legal and policy tools as mutual legal assistance treaties, personnel and resource levels, and policies on how government hacking is handled (for example, the vulnerabilities equities process). Investments in these areas could theoretically offset some of the impact on law enforcement from inaccessible encrypted data, but they also come with their own complex considerations and trade-offs.

Recognize There Is No Purely Technical Approach

Any proposal to increase law enforcement access must address process, infrastructure, and policy—not just technology. How would requests for access be made and authenticated? What would be the roles and responsibilities of various actors in the system? How would information be delivered? What sort of legal duties would law enforcement have to satisfy? What are the oversight expectations? What would be the risks and benefits due to these nontechnical aspects? These kinds of nontechnical questions are necessary to understand fully any such proposal’s risks and benefits.

Recognize the Challenge of Effective Implementation

A key principle of cybersecurity is to keep the design of systems as simple as possible; complexity greatly increases the risk of insecurity. Any proposal should attempt to minimize the risk of catastrophic failures at the implementation level.10

Balance the Need for a Strategic Approach and the Need for Technical Detail

The world of cryptography, digital communications, and data management is deeply technical; this complicates the broader societal conversation that is needed on encryption. On one hand, more strategic, accessible approaches are needed to broaden this circle. On the other, some risks often can only be identified at very detailed, technical levels of investigation. Proposals should be tested multiple times—including at strategic levels (for example, do they establish high-level principles and requirements to weed out incomplete or unfeasible proposals?) and at technical levels (for example, what are the technical risks of the specific implementation?).

Produce Better Data for Both the Risks and Benefits of a Proposal

Many reports have lamented the inadequacy of available data to understand and evaluate the risks and benefits of proposals for law enforcement access to encrypted data. Agencies could adopt procedures to generate better data, such as tallies of how many encrypted devices they have encountered and in what types of cases. Structural challenges to producing the desired data require addressing the following questions: how can federal, state, and local law enforcement provide accurate data about investigations, or measure the quality of “leads” that came from such information? Similarly, how can stakeholders assess the degree to which a proposed solution is likely to result in a reduction in privacy for individuals, for example, who are not the intended targets of a lawful search? In other cases, such as understanding state- and local-level needs, the challenge is more about resources and authority to request such data. In any case, stakeholders in the encryption debate have an ongoing responsibility to reevaluate and seek better data to inform the debate.11

Starting Points

First of all, we reject two straw men—absolutist positions not actually held by serious participants, but sometimes used as caricatures of opponents—(1) that we should stop seeking approaches to enable access to encrypted information; or (2) that law enforcement will be unable to protect the public unless it can obtain access to all encrypted data through lawful process. We believe it is time to abandon these and other such straw men.

Specifically, systems exist today that allow for encryption as well as decrypted access by an authorized third party. (For example, some enterprise disk encryption products allow user control in most use cases, while enabling enterprise IT staff to recover data if necessary.) Does any approach deliver the important benefits of end-to-end encryption while addressing the various concerns noted above? That is a debate worth having. Can developers design systems with access for third parties? Yes. Should they be required to do so? There is significant disagreement in our group about that.

A position that law enforcement must have access to all information or else society will disintegrate is similarly lacking. Throughout modern history, there have been technologies to destroy information and there has been much information that was beyond the reach of law enforcement. The same is true today and society continues to function. And new sources of information are now available that did not exist or were not recorded in the past. Law enforcement has not shirked its responsibility to catch criminals and reduce crime, nor will it in the future. Can law enforcement operate in an environment where encryption is more broadly available? Yes. Should law enforcement simply be required to cope with every possible type of encryption product? There is significant disagreement in our group about that.

Any approach serving the needs of persons or societies generally comprises a mix of technology, human action, and feedback mechanisms designed to ensure its proper operation. This is especially true of approaches proffered by governments, as in the case of the United States, based on a foundation of limited and constrained powers where the feedback mechanism must ensure that any approach taken, including a technological one, is constrained through procedures, controls, and oversight to the expressed purposes allowed by the Constitution and law of the United States. Therefore, we are likely to find that any approach seeking to align the various interests dependent on the use of encryption will comprise technology, procedures, and controls designed to deliver and sustain the desired alignment.

Focus on Mobile Phone Encryption Promises More Productive Discussion

Of all the guidance listed above, separating the debate into its component parts has been little embraced in practice. Few public statements from national governments, for example, have distinguished between approaches for data at rest and data in motion. Similarly, when groups raise concerns about undermining encryption, they tend to emphasize the general risks versus those related to specific applications of encryption.

One exception has been the energetic debate in the cybersecurity research community about data at rest. Two computer scientists released separate preliminary approaches for how law enforcement might gain access to data stored on mobile phones while attempting not to undermine cybersecurity for all users.12 Many in the computer security community are skeptical of these and similar approaches.13 But whether or not these proposals stand up to rigorous testing and debate, at least they allow stakeholders to compare the risks and benefits of the same thing.

The working group encourages continued, focused dialogue on the topic of law enforcement access to mobile phone data at rest. We have not concluded that any existing proposal in this area is viable, that any future such proposals will ultimately prove viable, or that policy changes are advisable at this time. Rather, we urge continued, pragmatic debate on the topic. Mobile phone data at rest seems to us to be the area most likely to enable fruitful debate among diverse communities of interest and most likely to lead to clearer characterization of risks and benefits, for reasons we outline below and in Figure 1. Moreover, it is a good place to focus because if good-faith debate on all sides can’t lead to more constructive discussions in this area, then there are likely none elsewhere.

Other parts of the encryption debate, as illustrated in Figure 1, seem much less tractable. In the case of data in motion, for example, our group could identify no approach to increasing law enforcement access that seemed reasonably promising to adequately balance all of the various concerns. For that reason, at least for now, this group believes that dialogue in this area will continue to be very difficult, and that implementing policy changes that give access to encrypted data in motion should not be pursued.

Figure 1. Focusing on Component Parts of the Law Enforcement (LE) and Encryption Challenge.

Hypothetical Description of How Law Enforcement Access Might Look in Practice

The FBI arrests a suspect involved in a global money-laundering scheme. This individual has stored notes, documents, and other evidence associated with this activity on her phone. Some, but not all, of this information is only stored locally on her phone and not in cloud services accessible to the FBI through lawful process. The suspect, however, refuses to provide the password to unlock the phone. If law enforcement seeks to manually break the password, the phone will automatically wipe its contents, making the information permanently unobtainable. However, a decryption key specific to that phone alone that is retained physically on the phone, albeit currently inaccessible to law enforcement officials, would allow law enforcement to decrypt the contents of the phone. After obtaining a warrant from a U.S. federal judge to access the decryption key, law enforcement officials then exercise a process authorized by the warrant to obtain the decryption key physically from that phone. This extracted information would allow the officials to directly read information on the phone and use it as evidence in the case against the suspect.

Branch 1: Focusing on the Domestic Law Enforcement Challenge Rather Than the Foreign Intelligence Challenge

The first branch in this decision tree excludes consideration of how the intelligence community accesses encrypted information targeted at non-U.S. persons outside the United States for the purpose of obtaining foreign intelligence information to understand foreign adversaries and their intentions. We think it is reasonable to assume that although the increasing use of encryption services may be a challenge for certain types of foreign intelligence collection abroad, it is likely not as acute as that for domestic law enforcement, which must operate within the context of the U.S. criminal justice system. (Agencies operating under intelligence rules, while restricted in certain ways, may have options that law enforcement agencies do not.)

Branch 2: Focusing on Data at Rest Rather Than Data in Motion

The second branch in this decision tree excludes, at this stage, consideration of approaches that would allow law enforcement access to data in motion (for example, text messages being exchanged through end-to-end encrypted messaging platforms). This is an area of significant importance to law enforcement agencies, which frequently cite encrypted data in motion, as occurs with texting applications such as WhatsApp, as a major challenge.

Data in motion poses challenges that are not present for data at rest. For example, modern cryptographic protocols for data in motion use a separate “session key” for each message, unrelated to the private/public key pairs used to initiate communication, to preserve the message’s secrecy independent of other messages (consistent with a concept known as “forward secrecy”). While there are potential techniques for recording, escrowing, or otherwise allowing access to these session keys, by their nature, each would break forward secrecy and related concepts and would create a massive target for criminal and foreign intelligence adversaries. Any technical steps to simplify the collection or tracking of session keys, such as linking keys to other keys or storing keys after they are used, would represent a fundamental weakening of all the communications. Given this and other considerations, such as the number of independent keys in use, it is much harder to identify a potential solution to the problems identified regarding data in motion in a way that achieves a good balance.
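To make the forward-secrecy argument above concrete, here is an added illustration that is not part of the paper: a toy hash ratchet that derives a fresh message key for every message and discards the previous state, run twice, once without and once with an escrow store that retains every message key. The root secret standing in for the initial public-key agreement, the HMAC-based ratchet and the HMAC-counter keystream are all constructed for this demonstration and are not a real messaging protocol.

```python
"""Toy model of per-message session keys and forward secrecy (illustration only).

Compromising the live ratchet state at step k exposes messages k onward but
nothing earlier, because the ratchet step is one-way. An escrow that keeps
every message key after use exposes the whole conversation, which is the
"massive target" the text refers to.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample conversation (not real traffic).
MESSAGES = [
    b"msg 0: sent before the compromise",
    b"msg 1: also sent before the compromise",
    b"msg 2: sent after the live state was captured",
    b"msg 3: sent later still",
]


def ratchet_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """Derive (next_chain_key, message_key) from the current chain key.
    HMAC is one-way, so holding next_chain_key does not reveal chain_key."""
    next_chain = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"message", hashlib.sha256).digest()
    return next_chain, message_key


def keystream_xor(message_key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with an HMAC-SHA256 counter keystream.
    Symmetric, so the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = counter.to_bytes(4, "big")
        stream += hmac.new(message_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Sender:
    chain_key: bytes                               # live state, overwritten every send
    escrow: Optional[List[bytes]] = None           # if set, every message key is kept
    history: List[bytes] = field(default_factory=list)  # ciphertexts (public)

    def send(self, plaintext: bytes) -> bytes:
        self.chain_key, message_key = ratchet_step(self.chain_key)
        if self.escrow is not None:
            self.escrow.append(message_key)   # "storing keys after they are used"
        ciphertext = keystream_xor(message_key, plaintext)
        self.history.append(ciphertext)
        return ciphertext


def decrypt_from_state(chain_key: bytes, ciphertexts: List[bytes]) -> List[bytes]:
    """Run the ratchet forward from a captured state over a run of ciphertexts."""
    plaintexts = []
    for ct in ciphertexts:
        chain_key, message_key = ratchet_step(chain_key)
        plaintexts.append(keystream_xor(message_key, ct))
    return plaintexts


def decrypt_from_escrow(keys: List[bytes], ciphertexts: List[bytes]) -> List[bytes]:
    """With every message key retained, each ciphertext decrypts directly."""
    return [keystream_xor(k, ct) for k, ct in zip(keys, ciphertexts)]


def forward_secrecy_demo() -> dict:
    # Assumed root secret standing in for the initial key agreement.
    root = hashlib.sha256(b"constructed shared secret").digest()

    # Case A: no escrow; the live state is captured after message 1 was sent.
    sender = Sender(root)
    sender.send(MESSAGES[0])
    sender.send(MESSAGES[1])
    captured_state = sender.chain_key
    sender.send(MESSAGES[2])
    sender.send(MESSAGES[3])

    # Case B: same conversation, but every message key is escrowed.
    escrow: List[bytes] = []
    escrowed_sender = Sender(root, escrow=escrow)
    for m in MESSAGES:
        escrowed_sender.send(m)

    return {
        # Messages 2 and 3 are readable from the captured state.
        "after_capture": decrypt_from_state(captured_state, sender.history[2:]),
        # Messages 0 and 1 are not: the state cannot be run backwards, so
        # applying it to earlier ciphertexts yields garbage.
        "before_capture": decrypt_from_state(captured_state, sender.history[:2]),
        # The escrow store decrypts the entire conversation.
        "with_escrow": decrypt_from_escrow(escrow, escrowed_sender.history),
    }


if __name__ == "__main__":
    result = forward_secrecy_demo()
    print("readable from captured state:", result["after_capture"])
    print("readable from escrow:", result["with_escrow"])
```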

Branch 3: Focusing on Encryption of Data on Mobile Phones Rather Than on Data on General Devices or in Cloud Storage

The third branch in this decision tree focuses on mobile phones. Ultimately, we decided to focus on mobile phones because that is what law enforcement agencies most commonly cite as the type of device to which they seek access. With that said, there are several other factors informing this decision. First, general devices—such as laptops, desktops, and workstations—provide users far more flexibility in configuring how and what software operates on the machine, making it less likely that a lawful access approach could be protected from work-arounds or compromise by criminal actors.14 In addition, the great deal of variability between devices complicates any effort to design a lawful access system that would not unintentionally interfere with normal device functionality.

Law enforcement also relies on accessing, through appropriate legal process, encrypted data held in the cloud (like email, documents, calendar data, or contact information synchronized across devices). For law enforcement, however, this is a less worrisome area than encrypted phones or encrypted messaging. That is because providers often maintain access to encryption keys for data in the cloud in order to satisfy consumer needs to access, sync, and recover such data, for example when a password is lost. The prevalence of cloud data is growing and, as such, represents another tool and source of data for law enforcement. There is already significant work ongoing between law enforcement and technology providers to arrange the right procedures and capabilities to obtain such data through legal process.

Finally, mobile phones use commercial data services (for example, through cellular systems), unlike devices that lack that feature or connect to the network solely via Wi-Fi. The national cellular networks involve a relatively small number of companies operating under a national regulatory regime.15 From a policymaking perspective, this may facilitate policy implementation. By contrast, a lawful access approach requiring action by the many types and locations of independently operated or owned local Wi-Fi services would be unmanageable.

Branch 4: Focusing on Approaches That Involve Key Escrow, Rather Than Delivery of Code Updates to a Phone

As scoped so far, there are two primary ways in which law enforcement could theoretically gain access to a mobile phone.16 One of these is to develop an approach involving key escrow, in which copies of encryption keys are held securely so that, in certain circumstances, an authorized third party can access them. The second would be for law enforcement to ask or compel service providers to send a uniquely designed software update that would enable law enforcement to surreptitiously access data on a specific, targeted phone.

The working group has chosen to focus on key escrow approaches in part because code updates, typically delivered by service providers over the internet, patch known flaws in software and hardware and are considered a foundation of basic cybersecurity hygiene. Companies and cybersecurity specialists worry that consumers will be less likely to accept updates—thus exposing themselves to exploitation by hackers and governments—if they are suspicious of potential government interventions through such means. Such disincentives, even if they only were to affect a percentage of users, would have a systemically negative impact on cybersecurity that could outweigh the benefits of lawful access. Another risk is that of unintended social distortions, for example, if minority groups who fear law enforcement targeting tend to decline updates more frequently than other users.

Another potential concern with code updates would be their potential detrimental impact on the expansion of nascent cybersecurity technologies, such as software and firmware transparency, that allow a user to confirm that they have received a standard update rather than one modified by hackers or law enforcement. These technologies benefit law-abiding users but would prevent the delivery of customized updates for a single phone on behalf of law enforcement from remaining a secret. Finally, from an operational perspective, the update approach may only be successful before an individual is aware that he is under law enforcement investigation. Once the individual is aware of an investigation or has been arrested, or the phone is taken into law enforcement custody, he is unlikely to accept further code updates.

However, advocates for code updates believe that they present a viable potential approach that, if done carefully and under lawful processes, could be a narrow and targeted way to obtain lawful access to data on encrypted phones. They also point to code updates that could be issued after the device has been lawfully seized. Advocates argue that the above assumptions regarding negative consumer behaviors in response to a code update system are not yet backed by empirical evidence.17 They further argue that technologies such as software transparency are unlikely to be deployed widely. However, the group collectively agreed that its current efforts should focus on possible key escrow systems because of the unknowns and general disagreement regarding code updates.

Branch 5: Focusing on Key Escrow Arrangements Involving the Key Physically Residing on the Mobile Phone Device, Rather Than Off-Device

One of the characteristics that makes a focus on mobile phone encryption promising is the opportunity for the encryption key to physically reside on the mobile

Subjects: Americas ; United States ; Cyberspace ; Technology
URL: https://carnegieendowment.org/2019/09/10/moving-encryption-policy-conversation-forward-pub-79573
Source think tank: Carnegie Endowment for International Peace (United States)
Resource type: Think tank publication
Item identifier: http://119.78.100.153/handle/2XGU8XDN/418001
Recommended citation
GB/T 7714
Encryption Working Group. Moving the Encryption Policy Conversation Forward. 2019.
Files in this item
File name/size; Resource type; Version type; Access; License
EWG__Encryption_Poli (2383KB); Think tank publication; Restricted access; CC BY-NC-SA
Encryption_Policy-Ke (596KB); Think tank publication; Restricted access; CC BY-NC-SA
File name: EWG__Encryption_Policy.pdf
Format: Adobe PDF
File name: Encryption_Policy-Key_Takeaways.pdf
Format: Adobe PDF

Unless otherwise stated, all content in this system is protected by copyright, with all rights reserved.