Restricting encryption is a short-term solution to a long-term problem

[Commentary] Undoubtedly, there will be cases in which terrorists use encryption to mask their plans. And it appears that encryption has put evidence in some ordinary criminal cases out of reach. The hard truth is that we may be seeing a transition: from a world in which police and intelligence agencies had near-comprehensive access to data to one in which much of what those agencies want to obtain is no longer available. But will any policy be effective in reversing the proliferation of unbreakable encryption technologies?

Efforts to regulate corporations providing encryption services might yield short-term benefits. But how long will those last? How long before even ordinary criminals download products built outside the reach of US law? The basic math of encryption is now globally understood, and leading encryption products are open source, meaning that no one owns them. The threat of terrorism is real. But a clear-eyed analysis of the technological realities is needed before imposing mandates that could weaken the security of corporations, governments and individuals -- while not stopping the bad guys.

[James Dempsey is executive director of the Berkeley Center for Law & Technology at the University of California, Berkeley, Law School.]