Published by The Lawfare Institute
in Cooperation With
The encryption debate dates back to Clinton administration proposals for the “clipper chip” and mandatory deposit of decryption keys. But that debate reached new prominence in connection with the FBI’s efforts to compel Apple to decrypt the phone of a dead terrorist in the San Bernardino case.
A new study by the National Academies of Sciences, Engineering, and Medicine tries to shed some light, and turn down the heat, in the debate over whether government agencies should be provided access to plaintext versions of encrypted communications and other data.
FBI and other law enforcement officials, and some intelligence officials, have argued that in the face of widespread encryption provided by smart phones, messaging apps, and other devices and software, the internet is “going dark.” These officials warn that encryption is restricting their access to information needed for criminal and national security investigations, arguing that they need a reliable, timely and scalable way to access it.
Critics have raised legal and practical objections that regulations to ensure government access would pose unacceptable risks to privacy and civil liberties and undermine computer security in the face of rising cyber threats, and may be less necessary given the wider availability of data and alternative means of obtaining access to encrypted data.
As the encryption debate has become increasingly polarized with participants on all sides making sweeping, sometimes absolutist, assertions, the new National Academies’ report doesn’t purport to tell anyone what to do, but rather provides a primer on the relevant issues.
The product of 18 months’ work by a diverse array of leaders from law enforcement, computer science, civil liberties, law, and other disciplines, the report offers a common set of descriptions of the technologies, applications, and issues involved in the encryption debate.
The report details the array of contexts in which law enforcement might seek access to encrypted content and the range of options available to governments, ranging from doing nothing to imposing specific technological tools for guaranteeing government access.
It concludes with a structured framework organized around eight questions for evaluating proposals to provide authorized government agencies with access to encrypted content:
- To what extent will the proposed approach be effective in permitting law enforcement and/or the intelligence community to access plaintext at or near the scale, timeliness, and reliability that proponents seek?
- To what extent will the proposed approach affect the security of the type of data or device to which access would be required, as well as cybersecurity more broadly?
- To what extent will the proposed approach affect the privacy, civil liberties, and human rights of targeted individuals and groups?
- To what extent will the proposed approach affect commerce, economic competitiveness, and innovation?
- To what extent will financial costs be imposed by the proposed approach, and who will bear them?
- To what extent is the proposed approach consistent with existing law and other government priorities?
- To what extent will the international context affect the proposed approach, and what will be the impact of the proposed approach internationally?
- To what extent will the proposed approach be subject to effective ongoing evaluation and oversight?
The goal of the framework is not merely to help decision makers reach rational decisions but also to help them appreciate the broad ramifications of those decisions and to tailor those decisions to reduce unintended consequences whenever possible. The framework also highlights the need for better data to guide fact-specific decisions.
There is no silver bullet in the encryption debate. But it is our hope that this report and the example of the civil, informed deliberation among widely divergent perspectives necessary to produce it, may provide a useful guide for future decisions about this most contentious of issues.
The study was sponsored by William and Flora Hewlett Foundation, John D. and Catherine T. MacArthur Foundation, and the National Science Foundation (award CNS-1555610) and is available online at