The New York Times reported on March 24 that the FBI and Justice Department are again pushing for extraordinary access to encrypted data. This will certainly set off yet another round of the long-standing debate over encryption.
This debate has made little progress. Those in favor of giving law enforcement extraordinary, or “backdoor,” access to encrypted data argue that there is no way to protect public safety in a world of unbreakable encryption. And those against say that any form of extraordinary access will create mass vulnerabilities and leave basic internet infrastructure insecure. The recent report of the National Academies on encryption describes this debate as “very polarized.”
Given this polarized posturing, it may seem like the debate is at an impasse. Yet several commentators, including the authors of the National Academies report and contributors to Lawfare, have looked for new ways to advance the debate. In a recent paper, my colleagues Arthur Rizer, Zach Graves, Mike Godwin and I synthesize these ideas and others to propose a way forward on encryption policy.
We propose a three-part test for policymakers, with each part tied to specific action items that may be addressed by advocates on either side of the debate. The test is designed to advance the discussion of whether extraordinary access can be justified. First, we ask whether there is empirical evidence for the need for extraordinary access. Second, we ask whether an acceptable technology already exists for such access. Last, we ask whether adequate policy and legal frameworks can be developed to put that technology safely into practice.
In light of these questions, the New York Times report is both promising and concerning. It notes that the Justice Department has been working with computer scientists on developing a technological system limited to encrypted smartphones, in line with the second question we ask. Yet any technology that might result from this reportedly “quiet” collaboration is unlikely to satisfy the test we propose.
First, notional systems for extraordinary access to encrypted data will be sensitive and require thorough evaluation to find flaws. If research is conducted behind closed doors, the Justice Department diminishes its ability to benefit from out-of-the-box thinking, criticism and troubleshooting. For example, the Spectre and Meltdown vulnerabilities, which abuse speculative execution and cache-timing side channels to read memory that should be off limits (passwords included), were present in processors from Intel and other vendors for roughly two decades and were discovered only in 2017 through some truly creative testing. When it comes to extraordinary-access technology, an open peer review and testing process (akin to the National Institute of Standards and Technology competition that selected the Advanced Encryption Standard) is more likely to ensure that the best minds can identify the unexpected flaws that would undermine a seemingly secure extraordinary-access system. Although one could envision an extraordinary-access system whose design is kept secret, the general consensus among cryptographers, following what is known as Kerckhoffs's principle, is that the better path is an open and well-tested design whose security rests only on the secrecy of the government's keys; secret algorithms are “something likely to make a system prone to catastrophic collapse.”
Second, research into extraordinary-access systems may ultimately be wasteful if it turns out that, in view of other surveillance and investigation methods, law enforcement does not actually need extraordinary access to encrypted data. Indeed, recent events suggest that the case for extraordinary access has only grown weaker: the recent report that the Justice Department slow-walked efforts to unlock the San Bernardino shooter’s phone, as Susan Landau has explained on Lawfare, “casts doubt on the argument” in favor of extraordinary access.
Finally, in addition to calling for an open process for researching the technology, we also call for an open discussion of the policy framework that will implement that technology. Designed correctly, an extraordinary-access system will include not just chips on phones or specialized encryption algorithms, but also laws to compel or encourage adoption of the system, to control how law enforcement uses its power to read encrypted messages and to deal with the fallout if something goes wrong. The Trump administration is apparently engaging in internal dialogue on legislation, but it is an open question whether that dialogue will deal with these policy questions, and there is as yet no indication that the Justice Department or the administration is convening policy experts alongside the technologists.
Here are just a few policy implementation questions: How will the extraordinary-access system include accountability and auditing to ensure that law enforcement doesn’t misuse the backdoor to spy on friends or enemies? How will local law enforcement work with federal agencies to obtain access? How will the security of the backdoor be tested on an ongoing basis to ensure that software implementations don’t have bugs or errors? What happens if a serious flaw is found in the implementation: is there a process for recalling or patching every device? How will law enforcement deal with cross-border investigative requests while resisting pressure from foreign governments to open up extraordinary access beyond what the United States may deem acceptable? Our paper identifies further policy questions like these; the National Academies report advances even more.
Answering questions like these will be at least as important as, and likely more difficult than, devising the technology itself. Indeed, solving these problems may well overwhelm the project. But that is no excuse for not trying. It is the responsibility of those calling for extraordinary access to have in hand not only a viable technology but also the policy framework to accompany it.