As discussed earlier, prominent leaders of the law enforcement community have warned that encryption is restricting their access to unencrypted stored data or message plaintext and that even as the volume of digital information expands, important parts of the digital world are “going dark” as more stored data and communications are encrypted by default. Some members of the intelligence community have concurred that pieces of the digital world are getting “dimmer” although not necessarily “dark.” Thus, some government officials have argued that they need a reliable, timely, and scalable way to access plaintext. They point to (1) the widespread and increasing use of encryption by default in widely used products and services, (2) the myriad national security threats posed by terrorist groups and foreign rivals, (3) the increasing importance of digital evidence as human activity and crime have become increasingly digital, and (4) the limited effectiveness of alternative sources of digital evidence.
Opponents of regulations that would afford government exceptional access to plaintext have objected on a number of legal and practical grounds. Their primary arguments are that any regime by which providers of products and services featuring encryption are required to provide a way for ensuring government access to plaintext likely would (1) be ineffective, (2) pose unacceptable risks to cybersecurity, (3) pose unacceptable risks to privacy and civil liberties, (4) disadvantage U.S. providers of products and services, and (5) hamper innovation in encryption technologies. They take the view that the growing use of information
technology and sophisticated collection and analysis capabilities have created a wealth of information for investigators.
With arguments on both sides, how can policymakers and citizens decide what to do? How can they evaluate the policy choices of whether to enable law enforcement and the intelligence community to maintain their current level of access, provide more resources to facilitate lawful government access, impose a legal requirement for mandatory access, or pursue other options? How can they assess the effect of each approach on law enforcement and national security, computer and data security, privacy and civil liberties, competitiveness, and other important values?
To inform that evaluation, this chapter provides a framework of questions that the committee believes any proposal must address. It captures the issues that the committee grappled with as it considered potential approaches and the broader context in which they arise. The objective of this framework is not simply to help policymakers determine whether a particular approach is optimal or desirable, but also to help ensure that any approach that policymakers might pursue is implemented in a way that maximizes its effectiveness while minimizing harmful side effects.
Importantly, in addressing these questions, policymakers will have to contend with incomplete data, limits on the ability to measure important properties, and an inability to fully predict the consequences of courses of action (Box 7.1). They will also need to contend with the complexity introduced by the thousands of communications and computing products available today, an international marketplace where new computing and communications products and services are introduced with regularity, and the interactions of those markets with the strategies and policies that are adopted by other nations.
Underlying the questions are a set of trade-offs associated with encryption and government access. One of the fundamental trade-offs is
that adding exceptional access capability to encryption schemes necessarily weakens their security to some degree, while the absence of an exceptional access mechanism necessarily hampers government investigations to some degree (Box 7.2). If the extent of those impacts were clear and could be weighed, it would certainly help illuminate the path forward, but, alas, the impacts are not precisely quantifiable. As the debate proceeds, it will help to have a framework to sort through the issues.
With any proposal, one should certainly explore all the foreseeable consequences, and the framework provides a tool for doing so. Potential flaws do not, however, necessarily invalidate an option. There are unlikely to be options that satisfy everyone, and solutions will be, at best, only partially effective. Circumstances will also change over time, in ways that cannot reliably be foreseen. This is especially true for those in the United States anticipating events and trends overseas.
The framework is designed to be applicable to (1) regulatory requirements, such as a general requirement that the manufacturers of a particular device must ensure lawful access to that device; (2) policy choices, such as a decision to provide more funding to support efforts by government agencies to obtain lawful access to plaintext; and (3) particular technologies or system modifications that might be imposed by law or implemented in response to a general requirement for access. The questions that follow use the term “approach” to describe all of these.
The more specific the approach being considered, the greater the ease and precision with which the framework may be applied. This does not mean that a vague proposal is necessarily desirable or undesirable, but simply that it will be more difficult (and, in some cases, impossible) for policymakers and others to assess its desirability. This is a significant point because the stakes involve critical values to our society.
The questions that comprise the framework are as follows:
1. To what extent will the proposed approach be effective in permitting law enforcement and/or the intelligence community to access plaintext at or near the scale, timeliness, and reliability that proponents seek?
This question has four elements. The first is whether the proposed approach works to provide access to plaintext. An approach that cannot be demonstrated to work is unlikely to warrant further consideration. The second is what scale, timeliness, and reliability are needed to achieve the desired objective. For example, a lesser scale may be needed if the objective is to afford access in the more limited number of situations where critical national security interests are at stake. The third is whether the proposed approach works at the scale, timeliness, and reliability necessary to achieve its proponents’ objectives. The fourth is how long the solution will be effective in the face of rapid technological change.
Some ways of obtaining access to plaintext are slow and resource intensive. These may be entirely appropriate for one-off needs. For example, the Federal Bureau of Investigation reportedly paid around $1 million in 2016 for a way to access the encrypted iPhone used by a San Bernardino terrorist. However, whether or not that was an effective approach when the government sought access to only a single encrypted device, if the
goal is to provide access to a large number of encrypted communications or the content on many encrypted devices, then the proposed approach must work far more efficiently and cost effectively. An approach may not provide 100 percent of the desired access, but it needs to be worth the effort and worth the trade-offs.
Determining whether a proposed approach works at scale is often not easy because multiple components must not only be evaluated individually but also assessed for how well they integrate together. For example, a requirement that mobile phone manufacturers provide some way for law enforcement or intelligence officials to bypass encryption on devices requires not only testing the method for how well it works in real-world settings, but also assessing the tools for verifying the credentials of government officials who seek access and the tools for ensuring that access is provided only when legally authorized. In addition, evaluating effectiveness at scale also requires considering how easy it is for end-users to disable or otherwise circumvent the proposed approach, for example, by using an encrypted app or altering the device’s encryption. It also involves understanding what requirements regarding robustness against skilled adversaries are practical to include, and how effective they would be. Evaluating effectiveness at scale requires not only defining what the needs are but also estimating the investment in the people, equipment, and facilities required to provide access that is sufficiently responsive to meet the needs of law enforcement and the intelligence community.
2. To what extent will the proposed approach affect the security of the type of data or device to which access would be required, as well as cybersecurity more broadly?
Given how important encryption is for the security of devices, systems, and data; the magnitude of cybersecurity threats faced in the digital environment; and how great the consequences can be of falling victim to those threats, it is critical to determine whether and to what extent a proposed approach is likely to affect cybersecurity more broadly.
This question consists of two parts. The first focuses on the specific context in which access to plaintext is sought and asks whether the proposed approach would affect the security of that particular type of communication, device, or service. This would include an assessment of what risks the proposed approach might add as well as the context of existing risks associated with the device or service. The second question asks about the broader impact of the proposed approach on security generally and is likely to be more difficult—but also more important—to answer. For example, the use of surveillance or a spear phishing attack to obtain the password to a single mobile phone poses a serious risk to the security
of data on that device, but low risk to any other device. Conversely, a limit on the strength of encryption that may be provided in products and services would pose a much broader security challenge.
Answering this question also requires considering what happens in the case of failure—for example, if access credentials or known vulnerabilities are stolen from law enforcement or intelligence officials, as happened with the publication of known vulnerabilities in 2016 and 2017 that were reportedly stolen from the Central Intelligence Agency and National Security Agency. Even without a theft from a government agency, how likely is the method for gaining access to be exploited by unauthorized third parties? Is there a reliable way to cancel stolen credentials or to notify equipment and service providers of known vulnerabilities and prevent their exploitation? If the system is compromised, what is the potential scale of abuse that could occur? Is it possible to detect that a system or credentials have been compromised?
3. To what extent will the proposed approach affect the privacy, civil liberties, and human rights of targeted individuals and others?
Encryption, like all technological innovations, can be used for either legitimate or illicit purposes. Some of those legitimate uses include protecting the privacy of communications and other content. As we have seen, the law in many countries—including the Constitution in the United States—protects personal privacy. It is therefore important to consider to what extent a proposed approach could threaten legally protected privacy rights and other civil liberties.
This inquiry, too, has two elements. The first focuses on individuals who are specifically targeted by law enforcement or by the intelligence community and is concerned with how well a proposed approach ensures that government access will be permitted only with appropriate authorization and only to the content specifically authorized.
The second part of the question focuses on the privacy and civil liberties interests of people who are not targeted. How likely is it that the proposed approach could be used for unauthorized surveillance, whether accidental or deliberate, and how well does the approach guard against unauthorized surveillance? Will the proposed approach result in such greatly increased surveillance—even when authorized—that it will chill free expression or free association? Even if it is used as planned and authorized, to what extent will the proposed approach permit collection of information about people who are not targeted, including those who may be communicating with targets? Does the approach include appropriate minimization procedures or other safeguards to limit the use of communications of people who are not targets?
4. To what extent will the proposed approach affect commerce, economic competitiveness, and innovation?
Encryption has become a mainstay of commerce as a way of not only protecting the content of communications and documents, but also verifying the identity of communicating parties and of protecting the integrity of transactions, especially online. Policymakers should therefore consider to what extent a proposed approach is likely to affect commerce.
This inquiry should also consider the likely impact of any proposed approach on the economic competitiveness of U.S. providers of equipment, software, cloud-computing services, and encryption tools themselves. Will the proposed approach limit the ability of U.S. service providers and manufacturers to market their products and services as secure options or otherwise compete in other countries?
Finally, how does the proposed approach affect the ability of the scientific and technical research community to continue to advance encryption technologies or the U.S. industry to innovate in the development and deployment of new products and services?
5. To what extent will financial costs be imposed by the proposed approach, and who will bear them?
Any approach to ensuring government access to plaintext will impose costs. This inquiry focuses on the financial costs and asks, first, how great are those costs likely to be? In answering this question, it is important to consider the full range of financial costs and the full range of parties who might incur them. For example, those costs may include not only the expenses associated with engineering and design, testing, implementation, compliance, enforcement, and oversight, but also opportunity costs of customers who may go elsewhere or products and services that might not be offered.
The second part of the inquiry focuses on who bears those costs. Under some laws, such as the Communications Assistance for Law Enforcement Act, the U.S. government covered only part of the costs incurred by industry. Will that be the case with the proposed approach: Will the costs incurred by industry, individuals, and states be covered in whole or in part by the federal government?
6. To what extent is the proposed approach consistent with existing law and other government priorities?
It is obviously necessary that any approach enacted by the government comply with relevant legal requirements. Constitutional requirements can-
not be changed simply by enacting a new law. More than just compliance, it is also important that policymakers consider the degree to which a proposed approach is consistent with other laws and other government objectives. For example, what would the effects of a proposal be on freedom of expression and association?
These considerations also arise in an international context. The availability of encrypted communications has been a key tool for organizing protests and resisting authoritarian governments. Support for democracy movements around the world has, at least historically, been an important objective of U.S. foreign policy. Enacting laws that would ensure government access to encrypted communications, depending on the specific mechanisms required, could conflict with that longstanding objective.
An issue related to consistency with existing law is whether unsettled questions of law may make a particular approach more challenging or otherwise less attractive. For example, policymakers may want to consider the impact of unsettled law regarding Fifth Amendment implications of requiring an individual to provide a biometric or a passcode.
7. To what extent will the international context affect the proposed approach, and what will be the impact of the proposed approach internationally?
Although laws are typically limited by state or national jurisdictional boundaries, flows of information and markets for digital products and services are increasingly global. It is therefore important for policymakers to consider both the impact of a proposed approach in the broader multinational context as well as the impact of multinational considerations on the proposed approach. For example, to what extent will a proposed approach to ensuring access to plaintext affect international trade or the quest for democracy in other countries? What would be its impact on foreign users not targeted by the U.S. government? How will it affect U.S. nationals traveling abroad? How would a proposed approach jeopardize existing international agreements around privacy and cybersecurity? For example, what are the implications for the EU-U.S. Privacy Shield Framework, which provide companies with a mechanism to comply with data protection requirements for personal data transferred to the United States?
International developments may also have an impact on the effectiveness of a proposed approach. For example, if U.S. law limits the strength of U.S. encryption products or requires that there be a guaranteed way for the U.S. government to access plaintext, will users simply switch to products and services that are not subject to such a law? Will enforcement be practical if users can download nonconforming encryption products
from the Web—or implement their own solutions based on globally available knowledge? What, if any, enforcement will be necessary at border crossings to cover people who enter carrying noncompliant devices? Or will the new requirements make U.S. users communications or equipment less secure against foreign intrusion?
8. To what extent will the proposed approach be subject to effective ongoing evaluation and oversight?
Any measure for ensuring government access to plaintext is liable to be misused, whether accidentally or deliberately. The more powerful and far-reaching the approach, the greater the harm that may result from its misuse. It is therefore important that the approach be subject to effective and continuing evaluation and oversight and include a robust and assured audit mechanism that supports detection of misuse, detection of authorized use that has unintended consequences (e.g., on specific populations or international stakeholders), and degradation of the effectiveness of the approach as it is applied. This will help ensure compliance with the Constitution and other law, guard against relying on and investing scare resources in approaches that do not work, and sustain public support for any proposed approach. Policymakers are therefore advised to consider whether the evaluation and oversight mechanisms are sufficiently reliable, robust, and effective, especially in light of the breadth of their scope.
* * *
The committee anticipates that developing and debating answers to these questions will help illuminate the underlying issues and trade-offs and help inform the debate over government access to plaintext. Moreover, it is the committee’s hope that the analytical framework above, together with the common vocabulary and context provided by this report, will facilitate an ongoing, frank conversation, involving all parties, about the encryption debate and proposed approaches.