Most digital messages are encrypted to protect privacy. Governments around the globe seek to mandate backdoor access to prevent terrorism and online child abuse. They should think again. This new CEPA policy paper by
Heather West
rejects the binary choice between good and bad, and encrypted privacy versus unencrypted success in fighting child abuse and terrorism.
The report “Encryption: It’s Not About Good and Bad Guys” offers a history of private sector encryption and the battle it has unleashed with policy and intelligence agencies.
- Government motivations are understandable and well-meaning, to combat child sexual abuse and terrorism. But it is also clear that degrading or breaking encryption risks significant social costs — and may not even be necessary for effective investigations.
- Encryption should be preserved and protected while measures are taken to support alternative investigatory mechanisms, training, and partnerships for valid law enforcement and intelligence needs.
- Despite the focus on encryption, other options exist. Investigators can use online services and devices to collect and create information — content from users, metadata, analytics, and telemetry.
- Laws that force organizations and individuals to weaken encryption leave data and communications vulnerable to unauthorized access and breaches.
- Given that the Internet is a global network, one country’s anti-encryption laws pose interoperability and compatibility issues with other countries that do not share similar laws.
- Some proposals would compel technology companies to search their users’ content for illegal material — and in effect, turn the companies into police or intelligence agencies. Few private enterprises want — or should be forced — to take on this role.
- Policymakers around the world need to back away from talking past each other, entrenched in their respective viewpoints. This deadlock diminishes hope of reaching a well-rounded, mutually beneficial solution.