OTI welcomes the report released today by the National Academies of Sciences, Engineering and Medicine’s (NAS) Committee on Law Enforcement and Intelligence Access to Plaintext Information entitled “Decrypting the Encryption Debate: A Framework for Decisionmakers.” This report completes NAS’s first major inquiry into encryption backdoors or “exceptional access to plaintext” since the release of its original report on this topic in 1996. Then, the Academy concluded that the dangers associated with any method for retaining access to plaintext would far outweigh the benefits to law enforcement or the intelligence community.
Today’s report did not alter NAS’s previous recommendations on this topic. It builds upon that preceding work with a review of the critical role of encryption in safeguarding cybersecurity and protecting privacy, as well as the challenges encryption can pose for law enforcement and intelligence agencies seeking access to electronic data. OTI’s Director, Kevin Bankston, served as a reviewer for the report.
The report’s proposed Evaluation Framework, recommended by consensus of over a dozen experts in technology, cybersecurity, law enforcement, and privacy should provide an important tool for policymakers as they evaluate proposals regarding the use of encryption. Educating policymakers to ensure that they make informed decisions is all the more important as the Justice Department continues its campaign for companies to allow that government can access encrypted communications. As OTI has long advocated, the government should not require manufacturers of devices and software to build-in encryption backdoors that would ensure the government can access plaintext versions of encrypted communications.
The NAS Evaluation Framework provides a series of questions for policymakers to use to make an informed decision when evaluating whether to provide government with exceptional access to plaintext. The Framework’s questions include:
To what extent would the approach be effective in permitting law enforcement or intelligence agencies access to data at the scale, timeliness, and reliability that they seek?
How will the proposed approach affect the security of the device or type of data sought, and of cybersecurity more broadly?
To what extent will the proposed approach affect the privacy, civil liberties, and human rights of targeted individuals and groups?
To what extent will the proposed approach affect commerce, economic competitiveness, and innovation?
The following quote can be attributed to Sharon Bradford Franklin, director of surveillance & cybersecurity policy, New America’s Open Technology Institute:
“The NAS report comes at a critical time, as the administration’s campaign for encryption backdoors has escalated. In issuing this Framework, the NAS Committee recognized the essential role that encryption plays in protecting both cybersecurity and individual rights. Before the administration and Congress move forward with any policies that might limit the use of strong encryption, they should ensure that they can answer the questions in the NAS Evaluation Framework.”
The following quote can be attributed to Robyn Greene, policy counsel and government affairs lead, New America’s Open Technology Institute:
“After over three years of debating the questions articulated in this Framework, it’s clear that the only appropriate answer is that no policy that would weaken or limit access to encryption should be adopted. Congress should use the methodology proposed in this Framework to move on from the encryption backdoor debate, and finally turn to the critical discussion of how to ensure that law enforcement and the intelligence community can adapt to technology that evolved and is adopted at a rapid pace.”