How to Analyze An Encryption Access Proposal – Freedom to Tinker

admin on March 29, 2017 Leave a Comment

It looks like the idea of requiring law enforcement access to encrypted data is back in the news, with the UK government apparently pushing for access in the wake of the recent London attack. With that in mind, lets talk about how one can go about analyzing a proposed access mandate.

The first thing to recognize is that although law enforcement is often clear about what result they wantgetting access to encrypted datathey are often far from clear about how they propose to get that result. There is no magic wand that can give encrypted data to law enforcement and nobody else, while leaving everything else about the world unchanged. If a mandate wereto be imposed, this would happen viaregulation of companies products or behavior.

The operation of a mandate would necessarily be a three stage process: the government imposes specificmandate language,which induceschanges in product design and behavior by companies and users, thereby leading toconsequencesthat affect the public good.

Expanding this a bit, we can lay out some questions that a mandate proposal should be prepared to answer:

These questions are important because they expose the kinds of tradeoffs that would have to be made in imposing a mandate. As an example, covering a broad range of devices might allow recovery of more encrypted data (with a warrant), but it might be difficult to write requirements that make sense across a broad spectrum of different device types. As another example,all of the company types that you might regulate come with challenges: some are mostly located outside your national borders, others lack technical sophistication, otherstouchonly a subset of the devices of interest, and so on. Difficult choices aboundand if you havent thought about how you would make those choices, then you arent in a position to assert that the benefits of a mandate areworth the downsides.

To date, the FBI has not put forward any specific approach. Nor has the UK government, to my knowledge. All they have offered in their public statements are vague assertions that a good approach must exist.

If our law enforcement agencies want to have a grown-up conversation about encryption mandates, they can start by offering a specific proposal, at least for purposes of discussion. Then the serious policy discussion can begin.

Go here to see the original:
How to Analyze An Encryption Access Proposal - Freedom to Tinker

Related Posts
Posted in Encryption

Comments are closed.