Ari Schwartz
We Need to Develop Encryption Solutions That Encourage a Robust US Security Marketplace
[Commentary] The public debate in the US over encryption has focused almost exclusively on law enforcement officials’ concerns that they will not have access to information that could help solve crimes. But there has been little discussion of the known real world impact of mandates in this area. In the 1990s, when then FBI Director Louis Freeh lobbied Capitol Hill and the Clinton Administration for greater law enforcement access to communications, regulations were put in place to prohibit US citizens from exporting strong encryption products to other countries. While this prevented US companies from using encryption that law enforcement couldn’t access, it did not stop foreign companies from building advanced encryption tools, and creating new security markets in countries like Israel, Canada and Russia.
Instead of mandating technical solutions and impacting research, we need to develop encryption solutions that encourage a robust US security marketplace. As many Internet security experts have suggested, we could invest in greater research by government so that it can find more vulnerabilities in our systems themselves and, eventually, share these with the vendors. We could enhance the technical know-how of state and local law enforcement officials so that they understand how current technologies process information and what they can lawfully access under the current regime. We could build closer ties among researchers, the FBI and local law enforcement to find novel solutions to access information without building back doors. These solutions will not solve every problem, but they will start us down the path of allowing law enforcement to adapt to the continuing changes in new technologies without creating the unintended consequences that we’ve faced in the past.
[Schwartz is Managing Director for Cybersecurity Services at Venable LLP. He was formerly Senior Director for Cybersecurity Policy and Special Assistant to the President for Cybersecurity on the National Security Council from 2013-2015.]