A group of top coding specialists published a paper on July 6, 2015, arguing that law enforcement’s desire to access encrypted data is not only unfeasible, but would also possibly imperil the security and privacy of global digital communications. The group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, warned that giving law enforcement “exceptional access” to encrypted data would likely introduce security flaws in today’s complex Internet environment that would be almost impossible to predict or detect. Such access would also curtail innovation and raise “thorny issues” for human rights and international relations, the experts said.
Law enforcement in both the U.S. and the U.K have been pushing for mandated government access to encrypted information, according to the computer scientists, out of fears of “going dark” and being unable to monitor criminals and terrorists’ encrypted communications. The Communications Assistance for Law Enforcement Act (“CALEA”) currently requires “telecommunications carriers” to provide assistance to ensure that the government is able to intercept electronic communications when lawfully authorized, but it does not require a carrier to decrypt communications encrypted by the customer unless the carrier provided the encryption and possesses the information necessary to decrypt. It also does not currently cover all Internet-based communications services. Law enforcement officials have now proposed that data storage and communication systems be designed for “exceptional access” by law enforcement agencies. However, the coding specialists warn that these “proposals are unworkable in practice, raise enormous legal and ethical questions and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm.”
The experts oppose giving law enforcement exceptional access to encrypted data because it would be a complete reversal from current security best practices. Simply giving agencies a key to decrypt messages presents a significant security risk, they argue, because communications would be left open to attack by anyone who could get a copy of the key. And leaving a backdoor open for law enforcement to access a social network could also let in hackers. Those access features would also make systems more complex, thus introducing new security vulnerabilities, according to the report. Finally, the greatest obstacle to providing access to encrypted data might simply be jurisdiction, the scientists say, given the global nature of the Internet.
The report was issued the day before FBI Director James Comey and Deputy Attorney General Sally Quillian Yates testified before a Senate Judiciary Committee hearing on encryption and security. They testified “about the growing challenges to public safety and national security that have eroded our ability to obtain electronic information and evidence pursuant to a court order or warrant.” They acknowledged their support for strong encryption technology but highlighted challenges that such encryption technology created for law enforcement. They also advocated for continued investment in “tools, techniques, and capabilities designed to mitigate the increasing technical challenges associated with the Going Dark problem.”