Cybersecurity & Tech Surveillance & Privacy

A Bipartisan Call for Serious Consideration of Potential Solutions to the Encryption Challenge

Jamil N. Jaffer, Daniel J. Rosenthal
Tuesday, June 14, 2016, 8:00 AM

Although we served as national security officials for Presidents from different parties, we stand united in our concern for the growing threat of a significant terrorist attack on our shores, due to the continued ambition of terrorist organizations worldwide to do us harm.

Published by The Lawfare Institute
in Cooperation With

Although we served as national security officials for Presidents from different parties, we stand united in our concern for the growing threat of a significant terrorist attack on our shores, due to the continued ambition of terrorist organizations worldwide to do us harm. This threat is further enabled by our government’s increasing challenges in confronting ongoing plotting because of the growing use of strong encryption by terrorists (whether such use is witting or because of a decision by companies to build such encryption into the core of their product offerings) and a simultaneous decrease in Silicon Valley’s willingness to assist the government.

Indeed, as we drafted this very article, news broke of the horrific shooting in Orlando. It is too early to know how an individual known to the FBI was able to perpetrate this act of terror. It is possible encrypted devices, services, and apps played a role, but authorities no doubt will be investigating the question in the coming days. Whatever facts emerge, Orlando is an illustration of the importance of developing thoughtful, non-reactionary, and bipartisan solutions. If we fail to do so, we risk leaving our nation unprotected and, ironically, invite overly aggressive and restrictive measures undertaken in the period of collective grief and fear following a terrorist attack.

While there are many reasons for the increase in the rate of terrorist use of strong encryption, including the Snowden disclosures, the phenomenon presents very real consequences for our nation as we face additional challenges in finding and stopping those who wish to do us harm. We firmly believe that the opportunity exists for Silicon Valley and the government to work together to find a solution that enables the continued use of encryption for beneficent purposes, but restores the government’s long-existing capability to gain access to the communications of terrorists, under valid legal process, to detect and prevent major terrorist attacks before they can be carried out.

The opportunity to work together on a reasonable, middle-ground solution may be transient—it could quickly vanish in the wake of the next significant terrorist attack in the United States. As we have seen time and again, in the aftermath of significant attacks, our government—responding to public demands—works to quickly devise solutions that provide the government the tools that it needs on the national security side. It is not necessarily a bad thing for the government to be responsive to the people, but for those concerned with both privacy and security, to include both individual and collective security, there is a well-founded fear that these solutions tend to be less privacy protective than those developed outside the heat of the moment. This is why, even as we reel from yet another attack, cooler heads must prevail. At the moment, privacy advocates and Silicon Valley have a seat at the table and the temperature in the room is (at least somewhat) mild. Therefore, these groups must seize on this opportunity, and sense of unity, to help the government restore its counterterrorism capabilities while responsibly protecting privacy and civil liberty values.

Encryption provides a vital service in protecting privacy and data security in our increasingly connected world. It facilitates secure online transactions, enables political dissidents to speak out against repressive regimes, and protects businesses, governments, and individuals from the significant, persistent, and growing threats posed by cyber actors worldwide. In short, strong encryption is vital in the 21st century. But so too is our government’s ability to defend the nation against terrorist attacks. We do not want to live in a world in which one of these capabilities exists because the other has been disregarded.

There are many who proclaim hopelessness at solving this problem; they have concluded that there is no way to foster the continued availability and integrity of encryption while enabling government access. We disagree with that premise, or, at the very least, we believe that it is grossly premature to arrive at that conclusion.

In our recent law review article published by the Catholic University Journal of Law and Technology (available here), we outline and discuss several rational proposals that are worth exploring in greater detail. While it would be premature for us to identify any one of these proposals as the golden ticket, the fact that there are proposals that seek to bridge the gap between the two sides suggest that additional effort would be beneficial to further explore these proposals, and develop new ones, in search for a reasonable compromise. Again, while there is still time.

Jamil N. Jaffer currently serves, among other things, as an Adjunct Professor of Law and Director of the Homeland and National Security Law Program at the George Mason University School of Law where he teaches classes on counterterrorism, intelligence, surveillance, cybersecurity, and other national security matters. Jamil is also affiliated with Stanford University’s Center for International Security and Cooperation and most recently served as the Chief Counsel and Senior Advisor for the Senate Foreign Relations Committee. Jamil also previously served as Senior Counsel to the Permanent Select Committee on Intelligence of the U.S. House of Representatives and in the Bush Administration in a variety of capacities, including in the White House as an Associate Counsel to the President and in the Justice Department’s National Security Division as Counsel to the Assistant Attorney General for National Security. Jamil holds degrees from UCLA, the University of Chicago Law School, and the United States Naval War College.
Daniel J. Rosenthal is an Associate Managing Director in Kroll’s Investigations and Disputes practice, based in the Washington, D.C. office. He serves as an Adjunct Professor at the University of Maryland’s Honors College, where he teaches an award-winning course on national security dilemmas. Mr. Rosenthal previously served in a variety of national security positions in the Obama Administration, including as Director for Counterterrorism with the National Security Council, as Senior Counsel to the Assistant Attorney General for National Security at the Department of Justice, and as a Senior Associate General Counsel for the Director of National Intelligence.

Subscribe to Lawfare