Any attempt to weaken encryption is against the national interest, a group of US lawmakers has warned.
The widespread use of strong encryption has lead to complaints from law enforcement agencies that they are unable to access to communications of criminals – the so-called ‘going dark’ issue. This has lead to calls for government to order tech companies to install backdoors into the encryption they use, in order to allow investigators access to data. Critics of this move argue backdoors would weaken security and privacy for everyone, with little benefit to law enforcement.
The congressional Encryption Working Group has held meetings with federal, state, and local government, legal experts, academics, and cryptographers since it was set up in March 2015 to consider the issue and has now published an end of year report highlighting four key points.
“Any measure that weakens encryption works against the national interest,” it said and also noted that encryption is a global technology that is widely and increasingly available. It also said that there are different attitudes to encryption and the going dark phenomenon, and so “there is no one-size-fits-all solution to the encryption challenge.” The group said Congress should foster cooperation between the law enforcement community and technology companies.
“Encryption is inexorably tied to our national interests. It is a safeguard for our personal secrets and economic prosperity. It helps to prevent crime and protect national security,” the report said, but added: “The widespread use of encryption technologies also complicates the missions of the law enforcement and intelligence communities,” and said those complications cannot be ignored.
The report noted that “against a wide array of threats, foreign and domestic, encryption is one of the strongest cybersecurity tools available,” and warned: “Congress should not weaken this vital technology because doing so works against the national interest,” but it added: “However, it should not ignore and must address the legitimate concerns of the law enforcement and intelligence communities.”
Attempts to require US companies to put backdoors in their encryption will likely backfire, the group said, as customers will shift to services in other countries, and may encourage some firms to leave the US – at which point US intelligence agencies would lose access to even more data.
“The consequences for such a policy may be profound, but they are not likely to prevent bad actors from using encryption,” the report said.
The report said lawmakers should look at opportunities to help law enforcement agencies navigate the process of accessing information from private companies and examine options to improve law enforcement’s ability to leverage metadata.
It also said Congress look at another potentially controversial issue it described as ‘legal hacking’ – that is, using flaws in software to circumvent encryption.
“Many stakeholders argue that, rather than building new vulnerabilities into secure products to facilitate law enforcement access, law enforcement agencies should be given the resources to exploit the flaws in secure products that already exist. Several law enforcement agencies noted that legal hacking is a time-and resource-intensive approach, and limited to the subset of cases where the agency actually knows of a flaw to exploit,” it said.
The report said Congress should also considering the implications of alternative legal strategies such as compelling individual consumers to decrypt their devices.