Alston & Bird Senior Counsel Peter Swire testified today before the Senate Judiciary Committee as part of its hearing entitled, Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy. The hearing, held on July 8, 2015, featured Sally Quillian Yates, Deputy Attorney General, and James B. Comey, Jr., Director of the Federal Bureau of Investigation, on the first panel, and Cyrus Vance, District Attorney of New York County, Herbert Lin of Stanford University, and Swire on the second panel. The hearing focused on the seemingly competing interests of law enforcement/national security and privacy/civil liberties in the context of encryption. For instance, while the existence of backdoors in encrypted messaging applications would prove to be a boon to law enforcement agencies seeking to intercept communications between suspects or to intelligence agencies seeking to intercept evidence of terrorist plots, such backdoors could prove to be a vulnerability if foreign governments were able to access them. Moreover, domestic government agencies could potentially abuse such backdoors and circumvent legal requirements applicable to accessing private communications. Nonetheless, some commentators have opined that as encryption becomes more commonly used, law enforcement could lose the ability to use data collected from popular communication methods and thereby “go dark.” As a result, some have called on communications providers to implement government-mandated vulnerabilities in encryption technologies to enable access for certain law enforcement and national security purposes.
In his testimony, Swire emphasizes three main points in support of his assertion that increased use of encryption will not lead to law enforcement “going dark.” First, the Review Group on Intelligence and Communications Technology, of which Swire was a member, included a recommendation in its 2013 report, “Liberty and Security in a Changing World,” that the U.S. Government should:
- Fully support and not undermine efforts to create encryption standards;
- Not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and
- Increase the use of encryption and urge U.S. companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
Next, Swire asserts that “it is more accurate to say that we are in a ‘Golden Age of Surveillance’ than for law enforcement to assert that it is ‘Going Dark.’” Specifically, while Swire agrees that encryption has led to “specific ways that law enforcement and national security agencies lose specific previous capabilities due to changing encryption technology[,]” he asserts that they have received a number of substantially offsetting gains as well. In particular, he points to the wealth of location-based information created by cellular telephones and other ubiquitous modern technologies; the information about contacts and confederates that can be mined from communications metadata; and the emergence of big data in combination with databases containing large amounts of personal information collected from numerous sources. In addition, Swire notes that despite the emergence of some end-to-end encrypted messaging technologies, a vast number of text messages are sent annually, a majority of which are not encrypted. Similarly, while encryption of devices such as smartphones is becoming more prevalent, many users do not take advantage of this capability, and even if they do law enforcement may have ways to circumvent the encryption or to gain access to the underlying data without the use of backdoors or compromised encryption mechanisms.
Finally, Swire argues that government-mandated vulnerabilities (such as backdoors) would pose a threat to cybersecurity itself, which would adversely affect U.S. businesses, as cybersecurity is in high demand by customers. Such vulnerabilities could also undermine human rights in other countries and erode the U.S.’s “moral and policy authority to argue for strong cybersecurity…” They also threaten the U.S.’s position as a global leader in technology while potentially benefitting its adversaries as they surpass the U.S. in encryption capabilities.
A copy of Swire’s testimony is available here.