For those who read tea leaves, the last month brought a string of small signs that momentum may be building again to require law enforcement access to encrypted communications.
In late September, the EU Council Presidency — currently held by Germany — issued a call for member delegations’ views on “security through encryption and security despite encryption.” (Read Techdirt’s coverage of the announcement.) The announcement maintained that “technical solutions weakening or directly or indirectly banning encryption will not be supported” but contemplated at least some form of “technical solution for accessing encrypted data.” According to the prevailing view in the information security community, a technical “backdoor” necessarily weakens the security of an encryption protocol.
Then came a joint statement from the Five Eyes — the intelligence alliance that includes the United States, the United Kingdom, Australia, Canada and New Zealand. (India and Japan also joined the communiqué.) That statement was more direct than the EU’s. While endorsing “strong encryption” for its role in “protect[ing] journalists, human rights defenders and other vulnerable people,” the nations nevertheless insisted that “there is increasing consensus across governments and international institutions that action must be taken” to provide law enforcement access to end-to-end encrypted communications. The signatories express “serious concerns” about any practices “where encryption is applied in a way that wholly precludes any legal access to content.”
Will any of these declarations lead to policy change? It’s hard to say; often, the Crypto Wars have a way of ebbing and flowing back to the status quo. There are still (at least) two bills pending in Congress that would take different approaches to law enforcement access. The EARN IT Act, which critics say would disincentivize the use of encryption by expanding platforms’ liability for failing to detect child exploitation material, made it through the Senate Judiciary Committee this summer but hasn’t yet seen a floor vote. A House companion to that legislation was introduced earlier this month. The Lawful Access to Encrypted Data Act, meanwhile, would straightforwardly require that technology companies maintain the ability to decrypt communications upon service of a court order. Though versions have been introduced in both the Senate and the House, neither has made clear progress toward passage.
Journalists routinely use end-to-end encrypted messaging apps like Signal, as well as other encrypted technologies like the Tor browser and SecureDrop, to communicate confidentially with sources. We’ll be watching this space for developments.
The Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press uses integrated advocacy — combining the law, policy analysis, and public education — to defend and promote press rights on issues at the intersection of technology and press freedom, such as reporter-source confidentiality protections, electronic surveillance law and policy, and content regulation online and in other media. TPFP is directed by Reporters Committee attorney Gabe Rottman. He works with Stanton Foundation National Security/Free Press Legal Fellow Grayson Clary and Technology and Press Freedom Project Legal Fellow Mailyn Fidler.