Key Points
- In an era of ever-changing technology, we must minimize government intrusion while ensuring that law enforcement has the tools necessary to keep Americans safe.
- Policymakers have suggested legislation that forces technology companies to alter their software to allow government access to more data. Companies claim this will make it easier to steal data and manipulate the software and will undermine the companies’ position in the marketplace, harm shareholder value, and eliminate competition.
- Congress and the president should create a commission of experts to analyze issues involved in encryption and provide recommendations on balancing private-sector equities, civil liberties, and national security.
Introduction
Over the last year, Americans faced revelations about the National Security Agency’s (NSA) telephone metadata collection program, the savage terrorist attack in Paris, and the husband-wife terrorist attack in San Bernardino. Each raised serious questions about the government’s use and misuse of data, the effectiveness of data-analysis programs, and law enforcement’s technological limits in tracking terrorist activities.
With the 24-hour news cycle and social media outlets, policymakers and pundits are quick to take to the airwaves to show outrage, demand changes, and hold hearings. Rarely do these actions lead to smart government reforms, and in some cases they produce laws that go beyond actions the federal government has historically taken.
There is a real risk policymakers will cross such a line on the issue of encryption.[1]
Some have suggested Congress should mandate that private-sector companies create vulnerabilities in their software to allow law enforcement access to encrypted communications. Such a mandate would be unprecedented and a possible overcorrection that does more long-term harm than good. At the same time, the status quo makes law enforcement’s job of protecting us nearly impossible. Before Congress acts, a robust debate must occur so policymakers can make the soundest decision possible.
Therefore, a national commission of experts should analyze the issues involved in encryption and provide Congress and the president with recommendations on how best to protect private-sector equities while giving law enforcement the necessary tools to protect us from increasingly sophisticated terrorists.[2] Because both law enforcement and the private sector have legitimate concerns over how best to move forward on encryption technology, allowing a commission to deliberate on the issue outside of the spotlight of congressional hearings and the prying eyes of our enemies is the safest course of action.
Unlike most think tank reports that contain tidy solutions, this report acknowledges this issue’s complexity and the need for expert analysis to fully evaluate the available options. The solution proposed, however, is more than mere process aimed at kicking the can. A properly structured, manned, and directed national commission can give America the best chance of making the least-worst choice.
Let me be clear: if Congress does nothing, we make it easier for terrorists to attack us, because we tie law enforcement’s hands once terrorists use encrypted technology to evade them. If Congress requires technology companies to add backdoors to their software, we likely chase consumers, including terrorists, to applications made outside of the United States, undermining our technology industry.
We have been dealt a bad hand that we must play adroitly to win.
The Encryption Challenge for Government
Today, federal agencies and local law enforcement analyze online data to detect potential terrorist threats. In many cases, this analysis consists of reviewing posts on social media, such as Facebook, Twitter, Snapchat, Surespot, WhatsApp, and Telegram. Certain posts are reviewed based on the use of particular words and phrases. Federal agencies and a few large local law-enforcement agencies conduct this analysis in several languages: English, Farsi, Arabic, Urdu, Pashto, Turkish, and Punjabi, to name a few.
If a posting contains enough specificity or the individual posting comments shows a certain level of intensity, analysts will seek other information on that individual. For example, an analyst might investigate where the individual lives (because his location determines the legal jurisdictional lines between federal agencies and local law enforcement), his criminal history, and his links to subjects of ongoing investigations. Once enough information about the individual is gathered, the analyst will discuss the case with supervisors, who then decide whether to seek judicial approval to gather more information.
Once a judge approves, law enforcement orders a technology company to provide information not available from open sources. For example, the company has hard data on location, deleted posts, and other account information. These data allow law enforcement to further build its case that the individual may be engaged in terrorist activities.
A problem arises, however, if the individual moves from a nonencrypted technology application to an encrypted one, which often happens as terrorists’ plans become more specific. Law enforcement refers to this movement as going “dark.” At this point, law enforcement hits a wall. For example, in a case in Garland, Texas, Elton Simpson exchanged more than 100 messages with jihadists on the day of the attack.[3] Even with judicial approval, law enforcement cannot get additional information from the encrypted technology company because the company itself may not be able to collect any data—the data are encrypted even from them.
With the rise of technology applications, citizens and companies have demanded encryption to keep their conversations, pictures, and other activities shrouded and safe from hackers.[4] This demand stems from a desire to maintain their privacy and, post–Edward Snowden revelations, keep government eyes blocked from their activities. To meet this demand, technology companies have produced encrypted applications.[5] For example, with the release of iOS8 and higher, Apple has encrypted its telephones without any backdoor that allows it to collect data and, therefore, be responsive to judicially approved government orders.[6]
Yet terrorists are consumers, too. With the NSA revelations by Snowden, terrorists have figured out how intelligence agencies monitor and track them. They now increasingly use encrypted technology to communicate, plot, and attack.
Beyond terrorism, encryption could and likely is being used by transnational organizations and criminals to facilitate human trafficking, drug production and distribution, and other illegal activities. Many Americans may not see terrorism as an imminent threat to them, but most communities face the scourge of drugs and drug-related crimes.
Notes
- Damian Paletta, “Silicon Valley Faces Showdown as Lawmakers Fume over Encryption,” Wall Street Journal, December 10, 2015, http://ift.tt/1IYYVNi.
- On December 27, 2015, Representative Michael McCaul (R-TX), chairman of the House Homeland Security Committee, and Senator Mark Warner (D-VA), a member of the Senate’s Banking, Finance, and Intelligence Committees, made a similar recommendation in an op-ed in The Washington Post. See Michael McCaul and Mark Warner, “How to Unite Privacy and Security—Before the Next Terrorist Attack,” Washington Post, December 27, 2015, http://ift.tt/1RsRip1.
- Evan Perez, Pamela Brown, and Jim Sciutto, “Texas Attacker Had Private Conversations with Known Terrorists,” CNN, May 7, 2015, http://ift.tt/1IVwEtD.
- Devlin Barrett, “FBI Seeks to Reframe Encryption Debate,” Wall Street Journal, December 30, 2015, http://ift.tt/1JeLXR1.
- Paletta, “Silicon Valley Faces Showdown.”
- Again, this goes beyond Sen. Paul’s requirement for law enforcement to just get a search warrant.
from AEI » Latest Content http://ift.tt/1RsRioZ
0 التعليقات:
Post a Comment