30+ Years of Freedom of Information Action

Cyber Brief: The Encryption Debate

Published: Mar 7, 2018

Edited by Michael Martelle

Cyber Brief: The Encryption Debate

The encryption debate pitting concerns of privacy and civil rights against concerns of law enforcement and national security has grown in significance in recent years. Today’s posting provides a series of reports and articles on current encryption concerns, followed by Congressional testimony from the Clinton-Era to the present.

 

Reports and Articles

 

Congressional Research Service, Encryption and Evolving Technology: Implications for U.S. Law Enforcement Investigations, September 8, 2015. Unclassified.

This document outlines challenges to law enforcement that arise from rapidly evolving encryption techniques and risk outpacing the law enforcement community's decryption capabilities.

 

New York County District Attorney, Report of the Manhattan District Attorney's Office on Smartphone Encryption and Public Safety, November 2015. Unclassified.

This report examines challenges presented by smartphone encryption to the investigative capabilities of law enforcement agencies.

 

House Homeland Security Committee, Going Dark, Going Forward: A Primer on the Encryption Debate. Unclassified.

The catalyst of this study were the 2015 terrorist attacks in Paris and San Bernardino and the ensuing debate of the possible role of encryption in facilitating such attacks. The study contains five chapters, which address: encryption, security, and the modern economy; encryption, public safety, and law enforcement; encryption in assorted foreign nations and the United States; the absence of simple solutions; and the need for a national dialogue.

 

Congressional Research Service, Encryption: Selected Legal Issues, March 3, 2016. Unclassified.

This report explores the legal implications of encryption including compelled decryption as it relates to the right against self-incrimination and compelled assistance.

 

Combatting Terrorism Center, Robert Graham “How Terrorists Use Encryption”, June 2016. Unclassified. [3544]

Source: The CTC Sentinel

In this article Robert Graham gives an overview of encryption technology before explaining the methods and tactics terror groups use to securely communicate and maintain information.

 

Chris Jaikaran, Congressional Research Service, Encryption: Frequently Asked Questions, September 28, 2016. Unclassified.

This report discusses the technology of encryption, the use of encryption, and concludes with a policy discussion. Among the issues discussed are gains and losses from encryption, Fourth and Fifth Amendment implications, and trade-offs with regard to information security and national security.

 

New York County District Attorney, “Report of the Manhattan District Attorney’s Office on Smartphone Encryption and Public Safety: An Update to the November 2015 Report”, November 2016. Unclassified. [4033]

Source: Manhattan District Attorney

This report provides an update to previous work examining challenges presented by smartphone encryption to the investigative capabilities of law enforcement agencies.

 

European Union Agency for Network and Information Security, “ENISA’s Opinion Paper on Encryption: Strong Encryption Safeguards our Digital Identity”, December 2016. Unclassified. [3267]

Source: ENISA

This paper provides an overview of encryption related to privacy and personal security balanced against the requirements of Security Services and concludes that while Security Service concerns are legitimate, encryption technology will likely persist among criminals. The paper also concludes that “back doors” and weakened encryption are likely to be leveraged by criminals as well as Security Services.

 

House Judiciary Committee & House Energy and Commerce Committee, Encryption Working Group Year-End Report, December 20, 2016. Unclassified.

This report from the committee's joint working group on encryption contains four observations (including that "any measure that reduces encryption works against the national interest") and a discussion of next steps (including with respect to law enforcement requests for information and metadata analysis).

 

Kristin Finklea, Congressional Research Service, Law Enforcement Using and Disclosing Technology Vulnerabilities, April 26, 2017. Unclassified.

This paper discusses the evolution of law enforcement exploiting vulnerabilities, the vulnerabilities equities process, data on retaining and disclosing vulnerabilities, the use of known vulnerabilities, data issues, and policy issues.

 

New York County District Attorney, “Third Report of the Manhattan District Attorney’s Office on Smartphone Encryption and Public Safety”, November 2017. Unclassified. [2017 Report]

Source: Manhattan District Attorney

This report provides an update to previous work examining challenges presented by smartphone encryption to the investigative capabilities of law enforcement agencies.

 

Legislative Debate

 

Early Debate

 

Jerry Berman, Center for Democracy and Technology, "How Current U.S. Encryption Policy Fails to Meet the Needs of American Internet Users," Testimony before the Senate Committee on Commerce, Science and Transportation, Subcommittee on Science, Technology, and Space, June 26, 1996. Unclassified.

This testimony represents an earlier round in the debate over encryption and law enforcement, in which the author challenges government and law enforcement arguments on the subject and asserts that "U.S. encryption policy fails to recognize the needs of users and the changes brought on by the Internet Age."

 

Louis J. Freeh, Director, Federal Bureau of Investigation, "Impact of Encryption on Law Enforcement and Public Safety," Testimony before the Senate Committee on Commerce, Science, and Transportation, July 25, 1996. Unclassified.

In his testimony, the FBI director asserts that there exists a "serious threat to public safety posed by the proliferation and use of robust encryption products that do not allow for timely law enforcement access and decryption."

 

United States Congress, Testimony of the Honorable William A Reinsch Under Secretary of Commerce at the Hearing Before the Senate Commerce Committee Entitled “New Directions in Commercial Encryption Policy”, July 25 1996. Unclassified. [2932]

This testimony provides a look into the mid-1990s encryption debate leading up to the Clinton Administration consideration of encryption policies balancing privacy, commerce, and security.

 

United States Congress, Testimony of the Honorable William A Reinsch Under Secretary of Commerce at the Hearing Before the Senate Commerce Committee Entitled “Administration Encryption Policy”, March 19 1997. Unclassified. [3286]

This testimony provides an update to Under Secretary Reinsch’s July 1996 testimony and reflects the Clinton Administration’s decisions on encryption.

 

Prepared Statement of William P. Crowell, Deputy Director, National Security Agency, House Judiciary Subcommittee on Courts and Intellectual Property, March 20, 1997. Unclassified.

In this statement, the NSA's deputy director comments on legislation that was pending with regard to the relaxation of export controls concerning encryption technology, and discusses NSA's role in developing the Clinton administration's encryption policy.

 


 

SAFE Act

 

United States Congress, Prepared Testimony of Dr Charles W Deneka Chief Technical Officer of Coming Incorporated on Behalf of The National Association of Manufacturers Before the House Judiciary Committee Hearing on HR 3011 Security and Freedom Through Encryption (SAFE) Act, September 25 1996. Unclassified. [2934]

This testimony provides a look into the mid-1990s encryption debate as Congress considered the Security and Freedom Through Encryption Act.

 

United States Congress, Prepared Statement of Marc Rotenberg Director of the Electronic Privacy Information Center at the Hearing Before the House Judiciary Subcommittee on Courts and Intellectual Property on the Security and Freedom Through Encryption (SAFE) Act, March 20 1997. Unclassified. [3287]

In this testimony Marc Rotenberg voices EPIC’s support for the SAFE Act while expressing concern over section 2805 which would criminalize the use of encryption in the commission of a criminal offense.

 

United States Congress, Prepared Statement of Jerry Berman, Executive Director of the Center for Democracy and Technology at the Hearing Before the House Judiciary Subcommittee on Courts and Intellectual Property on the Security and Freedom Through Encryption (SAFE) Act, March 20 1997. Unclassified. [3288]

In this testimony Jerry Berman criticizes US encryption policy, characterizes law enforcement arguments as “eroding”, and argues the Congress has the best chance of enacting CDT’s recommendation of liberalizing the export controls in the SAFE Act.

 

United States Congress, Prepared Statement of Philip R Karn Jr Staff Engineer at Qualcomm Inc at the Hearing Before the House Judiciary Subcommittee on Courts and Intellectual Property on the Security and Freedom Through Encryption (SAFE) Act, March 20 1997. Unclassified. [3289]

In this testimony Philip R. Karn Jr. describes his experience in litigating the status of a book that included encryption coding. The government argued that the code was a “dangerous weapon” while the author, and Karn’s testimony, argue that it is speech protected under the First Amendment. Karn extends this argument and argues that regulating encryption software is then a First Amendment violation.

 

United States Congress, Prepared Statement of Thomas R Morehouse President and CEO of Sourcefile at the Hearing Before the House Judiciary Subcommittee on Courts and Intellectual Property on the Security and Freedom Through Encryption (SAFE) Act, March 20 1997. Unclassified. [3290]

In this testimony Thomas R. Morehouse voices support for the SAFE Act and argues that criminalizing the use of encryption for criminal activities is preferable to implementing export controls which would do little to “put the Genie back into the bottle” with regards to the proliferation of encryption technology.

 

United States Congress, Prepared Statement of Johnathan Seybold Chairman and Director of Pretty Good Privacy Inc at the Hearing Before the House Judiciary Subcommittee on Courts and Intellectual Property on the Security and Freedom Through Encryption (SAFE) Act, March 20 1997. Unclassified. [3291]

In this testimony Johnathan Seybold opposes the Clinton Administration’s policy of allowing the export of encryption only if the US Government is given the decryption key on grounds of economic competition, consumer security, and privacy rights. Seybold argues that the SAFE Act, with some modifications, would address concerns held by PGP.

 

United States Congress, Prepared Statement of Roberta Katz Senior Vice President General Counsel and Secretary of Netscape Communications Corp on Behalf of the Information Technology Association and Software Publishers Association at the Hearing Before the House Judiciary Subcommittee on Courts and Intellectual Property on the Security and Freedom Through Encryption (SAFE) Act, March 20 1997. Unclassified. [3292]

In this testimony Roberta Katz voices criticism of the Clinton Administration’s policies and gives support to the SAFE Act.

 

United States Congress, Prepared Statement of Ira Rubinstein Senior Corporate Attorney at Microsoft Corp on Behalf of the Business Software Alliance at the Hearing Before the House Judiciary Subcommittee on Courts and Intellectual Property on the Security and Freedom Through Encryption (SAFE) Act, March 20 1997. Unclassified. [3293]

In this testimony Ira Rubinstein criticizes export controls for regulating encryption technology and supports the SAFE Act as a preferable alternative.

 

United States Congress, Prepared Statement of Phyllis Schlafly President of the Eagle Forum at the Hearing Before the House Judiciary Subcommittee on Courts and Intellectual Property on the Security and Freedom Through Encryption (SAFE) Act, March 20 1997. Unclassified. [3294]

In this testimony Phyllis Schlafly voices concerns that regulation of encryption erodes First Amendment rights and argues against the SAFE Act provision criminalizing use of encryption in furtherance of a crime.

 


 

Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives

 

United States Congress, Statement of Captain Charles Cohen Commander of Intelligence and Investigative Technologies for the Indian State Police at the Hearing Before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations Entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives”, April 19 2016. Unclassified. [1176]

Source: House Energy and Commerce Committee

In this testimony Captain Charles Cohen explains the impact of encryption technologies on investigations into internet crimes against children.

 

United States Congress, Prepared Testimony of Chief of Intelligence Thomas P Galati New York City Policy Department Before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations Entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives”, April 19 2016. Unclassified. [1177]

Source: House Energy and Commerce Committee

In this testimony Thomas P Galati explains cases of “going dark” in which law enforcement is unable to access evidence due to encryption despite having the legal ability to do so.

 

United States Congress, Statement of Amy Hess Executive Assistance Director Science and Technology Branch Federal Bureau of Investigation at the Hearing Before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations Entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives”, April 19 2016. Unclassified. [1178]

Source: House Energy and Commerce Committee

In this testimony Amy Hess explains the FBI’s perspective on the encryption debate and the need to balance privacy against maintaining investigative capabilities.

 

United States Congress, Statement of Harris County Sheriff Ron Hickman at the Hearing Before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations Entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives”, April 19 2016. Unclassified. [1179]

Source: House Energy and Commerce Committee

In this written testimony, Sheriff Ron Hickman explains the impact of encryption on a selection of Houston-area law enforcement investigations.

 

United States Congress, Statement of Bruce Sewell Senior Vice President and General Counsel of Apple Inc at the Hearing Before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations Entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives”, April 19 2016. Unclassified. [1180]

Source: House Energy and Commerce Committee

In this testimony Bruce Sewell argues against the introduction of “back doors” in encrypted communication applications and devices.

 

United States Congress, Testimony of Daniel J Weitzner Director of the MIT Internet Policy Research Initiative and Principal Research Scientist of the MIT Computer Science and Artificial Intelligence Laboratory at the Hearing Before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations Entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives”, April 19 2016. Unclassified. [1181]

Source: House Energy and Commerce Committee

In this testimony Daniel J Weitzner examines points of nuance in the encryption debate and argues against any “one size fits all” solutions.