Public engagement on encryption issues surged following the 2015 terrorist attacks in Paris and San Bernardino, particularly when it was suspected that the attackers used encrypted communications before, and possibly during, the attacks in order to evade detection--a phenomenon known as 'going dark.' While encryption provides important benefits to society and the individual, it also makes it more difficult for law enforcement and intelligence professionals to keep us safe. Some have framed the debate surrounding encryption as a battle between privacy and security. Our extensive discussions with stakeholders, however, have led us to conclude that the issue is really about security versus security: encryption protects critical infrastructure, trade secrets, financial transactions, and personal communications and information. Yet encryption also limits law enforcement's ability to track criminals, collect evidence, prevent attacks, and ensure public safety. Initially, lawmakers and some among law enforcement personnel believed the solution was simple: statutorily authorize law enforcement access to obtain encrypted data with a court order. Unfortunately, this proposal was riddled with unintended consequences, particularly if redesigning encryption tools to incorporate vulnerabilities--creating what some refer to as 'backdoors'--actually weakened data security. Indeed those vulnerabilities would naturally be exploited by the bad guys -- and not just benefit the good guys.
展开▼