5 December 2018

Perspectives on Encryption and Surveillance

By Daniel J. Weitzner

In August 2018, the leading international academic conference on cryptography hosted a Workshop on Encryption and Surveillance. The workshop explored both legal and technical aspects of the ongoing debate over the impact of strong encryption and law enforcement surveillance capabilities. The workshop was co-chaired by Tim Edgar (Brown University), Joan Feigenbaum (Yale University), and me. As we described it at the time:

The public-policy debate over encryption has focused primarily on the use of encryption to protect the confidentiality of communications and stored data. For those who fear unrestrained government surveillance, encryption is an obvious technical response. Governments around the world are asking whether the increasing use of encryption is a problem or essential to meeting growing security threats. On the one hand, the worry is that law enforcement and security agencies are increasingly "going dark." At the same time, forcing "exceptional-access" features into existing security protocols creates additional security risk. A variety of technical and administrative measures have been proposed to address law-enforcement and privacy concerns. Cryptographic-computing techniques (such as search on encrypted data) can enable intelligence collection with better privacy guarantees, and expanded accountability measures can increase confidence in the rule of law. This workshop will examine how encryption and related technologies pose both challenges and opportunities for surveillance and reform of surveillance.


Our goal was to advance the global policy debate on this topic by encouraging participants to wrestle with the real and sometimes inconvenient technical and policy factors that must be addressed to reach mature policy solutions in this area. We heard presentations from law enforcement and national security officials who make compelling cases for the importance of preserving digital surveillance capabilities while at the same time recognizing the need to avoid adding technical or operational security risks to widely used systems. We heard computer security engineers describe various proposals to provide exceptional access for law enforcement, but also stating clearly that these systems are far from ready for public deployment. From civil liberties advocates and computer scientists, we heard about the importance of preserving privacy and human rights, and the risks of pitting system designers against their users in the name of helping law enforcement. Over the next few days, a series of essays on Lawfare will capture some of the views presented at the conference.

No comments: