Talking in the dark: Rules to facilitate open debate about lawful access to strongly encrypted information

Abstract

Strong encryption can prevent anybody from accessing user data, including the technology companies responsible for its implementation. As strong encryption technology has become increasingly prevalent, law enforcement agencies have sought legislation to secure continued lawful access to the data affected. Following analysis of the encryption debates in the United States and the United Kingdom, this article will propose three rules that governments should follow to facilitate open debate and prevent the implementation of unsafe lawful access solutions. Firstly, we will provide context on current encryption policy. Secondly, it will be shown that continuous open debate must be facilitated in order to prevent the implementation of unsafe lawful access solutions. Finally, it will be argued that governments should be held to three rules when engaging in debate about lawful access: legislation governing lawful access must state clearly on its face whether decryption can be mandated; the encryption debate must not be oversimplified or reduced to emotive examples in order to secure public support for unsafe solutions; and safeguards on warrants must not be conflated with safeguards on lawful access mechanisms in order to suggest that solutions are safer than is actually the case.