Encryption is essential to protect digital data and communications. Yet it poses a challenge to law enforcement investigation and prosecution of crime and terrorism. Middle-ground, risk-informed approaches are needed to narrowly provide lawful government access to encrypted data while mitigating the risk of unauthorized access and breach of confidentiality.
Beginning with this framing of common interests and using a set of 10 myths in the encryption debate identified by Stanford University's Herb Lin, this group developed a method of creating encryption policy regimes that will help decision makers develop encryption policies that balance the different interests and needs of their societies. This work resulted in the report Encryption Policy in Democratic Regimes: Finding Convergent Paths and Balanced Solutions (released February 2018) which outlined the group’s methodology and offered two sample encryption regimes as possible policy options. These two regimes were based around common actions, such as the use of compelled provider assistance and systemic improvements to cybersecurity, but differed in their emphasis of either lawful hacking or design mandates. The report offers recommendations for how policymakers can engage on this issue in a balanced and transparent way that takes into account the competing priorities of cybersecurity, privacy and human rights, law enforcement and public safety and commerce.
In January 2017, Bruce McConnell testified on encryption at the National Academies of Sciences event at Stanford University. He summarized encryption policies in democratic regimes and emphasized the need to carefully review and balance privacy and public safety concerns. In what has become a publicly charged and polarized debate, McConnell noted that a middle ground on encryption that serves common interests is possible to find – “if started from a frame of common interests, solutions almost always emerge, sometimes rather unexpectedly.” The National Academies of Sciences released a new report on encryption to assess options and tradeoff of government access to plaintext information in an era of ubiquitous encryption.
This breakthrough group will conduct international outreach in capitals, civil society forums and corporate headquarters in forms of talks and workshops to disseminate and advocate for key findings of the report, in particular, the recommendations and the EWI Delphi methodology.