Going Dark

A Bipartisan Call for Serious Consideration of Potential Solutions to the Encryption Challenge

By Jamil N. Jaffer, Daniel J. Rosenthal
Tuesday, June 14, 2016, 8:00 AM

Although we served as national security officials for Presidents from different parties, we stand united in our concern for the growing threat of a significant terrorist attack on our shores, due to the continued ambition of terrorist organizations worldwide to do us harm. This threat is further enabled by our government’s increasing challenges in confronting ongoing plotting because of the growing use of strong encryption by terrorists (whether such use is witting or because of a decision by companies to build such encryption into the core of their product offerings) and a simultaneous decrease in Silicon Valley’s willingness to assist the government.

Indeed, as we drafted this very article, news broke of the horrific shooting in Orlando. It is too early to know how an individual known to the FBI was able to perpetrate this act of terror. It is possible encrypted devices, services, and apps played a role, but authorities no doubt will be investigating the question in the coming days. Whatever facts emerge, Orlando is an illustration of the importance of developing thoughtful, non-reactionary, and bipartisan solutions. If we fail to do so, we risk leaving our nation unprotected and, ironically, invite overly aggressive and restrictive measures undertaken in the period of collective grief and fear following a terrorist attack.

While there are many reasons for the increase in the rate of terrorist use of strong encryption, including the Snowden disclosures, the phenomenon presents very real consequences for our nation as we face additional challenges in finding and stopping those who wish to do us harm. We firmly believe that the opportunity exists for Silicon Valley and the government to work together to find a solution that enables the continued use of encryption for beneficent purposes, but restores the government’s long-existing capability to gain access to the communications of terrorists, under valid legal process, to detect and prevent major terrorist attacks before they can be carried out.

The opportunity to work together on a reasonable, middle-ground solution may be transient—it could quickly vanish in the wake of the next significant terrorist attack in the United States. As we have seen time and again, in the aftermath of significant attacks, our government—responding to public demands—works to quickly devise solutions that provide the government the tools that it needs on the national security side. It is not necessarily a bad thing for the government to be responsive to the people, but for those concerned with both privacy and security, to include both individual and collective security, there is a well-founded fear that these solutions tend to be less privacy protective than those developed outside the heat of the moment. This is why, even as we reel from yet another attack, cooler heads must prevail. At the moment, privacy advocates and Silicon Valley have a seat at the table and the temperature in the room is (at least somewhat) mild. Therefore, these groups must seize on this opportunity, and sense of unity, to help the government restore its counterterrorism capabilities while responsibly protecting privacy and civil liberty values.

Encryption provides a vital service in protecting privacy and data security in our increasingly connected world. It facilitates secure online transactions, enables political dissidents to speak out against repressive regimes, and protects businesses, governments, and individuals from the significant, persistent, and growing threats posed by cyber actors worldwide. In short, strong encryption is vital in the 21st century. But so too is our government’s ability to defend the nation against terrorist attacks. We do not want to live in a world in which one of these capabilities exists because the other has been disregarded.

There are many who proclaim hopelessness at solving this problem; they have concluded that there is no way to foster the continued availability and integrity of encryption while enabling government access. We disagree with that premise, or, at the very least, we believe that it is grossly premature to arrive at that conclusion.

In our recent law review article published by the Catholic University Journal of Law and Technology (available here), we outline and discuss several rational proposals that are worth exploring in greater detail. While it would be premature for us to identify any one of these proposals as the golden ticket, the fact that there are proposals that seek to bridge the gap between the two sides suggest that additional effort would be beneficial to further explore these proposals, and develop new ones, in search for a reasonable compromise. Again, while there is still time.