Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
N a t i o n a l S e c u r i t y , T e c h n o l o g y , a n d L a w
A HOOVER INSTITUTION ESSAY
ENCRYPTION SUBSTITUTES
ANDREW KEANE WOODS
Aegis Paper Series No. 1705
Introduction
Policy experts have suggested that the rise of encrypted data is not the end of intelligence collection because law enforcement can look to substitutes
—
other sources of intelligence, such as metadata
—
that prove to be just as valuable or more valuable than decrypting encrypted data.
1
This paper focuses on the other side of that insight: on the substitutes available for privacy-seekers beyond encryption, such as placing one’s data in a jurisdiction that is beyond the reach of law enforcement. This framework puts encryption in context: there are many ways to keep one’s data private, just as there are many ways that the government might get access to that data. While encryption is typically treated as a stand-alone computer security issue, it is a piece of a larger debate about government access to personal data.
2
Law enforcement officials are, in general, agnostic about the method through which they obtain evidence
—
what matters is obtaining it. Privacy-seekers are similarly agnostic about how they secure their privacy
—
what matters is having it. This means that policymakers have a wide set of options
—
not only about
whether
to allow law enforcement to access personal data, but also
how
to do so. This wide set of options is not reflected in the debate over encryption, which is typically framed in all-or-nothing terms. Some privacy advocates take a stance that seems to allow no room for compromise (an argument that can be boiled down to “it’s math!”
3
) and some government actors do the same (essentially arguing, “it’s terrorism!”
4
). Widening the scope of the policy discussion to include related issues
—
what I will call “encryption substitutes”
—
may increase the chances of compromise and may generate better policy.In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders. Second, I assume that people have a right to expect privacy in their personal data. Therefore, policymakers should seek to satisfy both law enforcement and privacy concerns without unduly burdening one or the other. Of course, much of the debate over government access to data is about how to respect
2
Andrew Keane Woods • Encryption Substitutes
both of these assumptions. Different actors will make different trade-offs. My aim in this short essay is merely to show that
regardless
of where one draws this line
—
whether one is more concerned with ensuring privacy of personal information or ensuring that the government has access to crucial evidence
—
it would be shortsighted and counterproductive to draw that line with regard to one particular privacy technique and without regard to possible substitutes.The first part of the paper briefly characterizes the encryption debate two ways: first, as it is typically discussed, in stark, uncompromising terms; and second, as a subset of a broader problem. The second part summarizes several avenues available to law enforcement and intelligence agencies seeking access to data. The third part outlines the alternative avenues available to privacy-seekers. The availability of substitutes is relevant to the regulators but also to the regulated. If the encryption debate is one tool in a game of cat and mouse, the cat has other tools at his disposal to catch the mouse
—
and the mouse has other tools to evade the cat. The fourth part offers some initial thoughts on implications for the privacy debate.
The Encryption Debate in Context
The debate about backdoors to encryption leaves little room for compromise. One side characterizes the government’s demands for exceptional access as “math denialism”: exceptional access simply
cannot
be introduced into a cryptographic system without overwhelming risk.
5
The other side insists that it
must
be done and it can happen, if only cryptographers and software engineers try hard enough. Former FBI director James Comey’s recent testimony on the matter is a good example
—
suggesting that Silicon Valley entrepreneurs simply need to apply the same grit and determination to the encryption problem that they apply to creating new software businesses.
6
The terms of this debate are zero-sum: either it is technologically possible to create a system that is safe but also contains a backdoor, as the FBI asserts, or it is not.Perhaps there is a better way to frame the debate. The government does not actually seek exceptional access to encrypted data per se; indeed, governments did not seek exceptional access until it became relevant to law enforcement operations. What the government is really after is crucial evidence of crimes and national security intelligence. Encryption is just one barrier
—
among many
—
to that evidence and intelligence.
3
Hoover Institution • Stanford University
Consider two recent high-profile lawsuits: Apple’s refusal to comply with an order to create software to unlock an iPhone
7
and Microsoft’s refusal to comply with a warrant compelling the production of evidence stored on overseas servers.
8
These are distinct domains as a matter of public policy, public relations, and law. The first is about whether the All Writs Act authorizes a judge to compel Apple to write new software that can be deployed to weaken the security of the company’s phones. This is a case about encryption and technological barriers to the state’s ability to access personal data. The Microsoft case, on the other hand, is about whether the Stored Communications Act’s warrant provisions apply extraterritorially.
9
This is a case about jurisdictional limits on the state’s ability to access personal data. At a legal doctrinal level they are different cases, and in the public eye they are different cases.But they share many similarities. Both cases are about the authority of a US judge to compel an American company to produce data about one of its customers in connection with a criminal investigation into that customer’s activity. In both cases, the company objects to giving the government the relevant information, alleging that to do so would harm the privacy of the company’s other customers and would gravely harm the company’s reputation.
10
Both companies stand in the way of the government’s acquisition of information. Indeed, it may be the case that the increasing use of encryption on devices located domestically is driving the Department of Justice to seek information stored abroad, and vice versa.
11
Viewed in this light, the disputes are quite similar and perhaps even interrelated.
Law Enforcement Substitutes
When Comey testified before Congress on July 8, 2015, he emphasized what is known as the “going dark” problem.
12
The problem is that the rise of default-encrypted communication services like WhatsApp and Signal are taking lines of communication that were once in the clear (unencrypted)
—
phone lines or other communications that could be intercepted by law enforcement
—
and making them indecipherable to law enforcement.
13
Comey was hardly the first one to make this argument.
14
But even if some channels of communication have gone dark, other new sources of intelligence are filling the void. Indeed, as Apple’s manager of user privacy testified in that company’s dispute with the FBI over access to an encrypted phone: “There are
Reward Your Curiosity
Everything you want to read.
Anytime. Anywhere. Any device.
No Commitment. Cancel anytime.
