New Paper on The Risks of "Responsible Encryption"
By Riana Pfefferkorn, Cryptography Fellow at the Center for Internet and Society at the Stanford Law School
February 08, 2018
I've just released a new whitepaper called The Risks of "Responsible Encryption" in response to recent comments by Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray. In recent remarks, both Rosenstein and Wray have denounced strong encryption for allegedly causing law enforcement investigations to "go dark." They call instead for "responsible encryption," a rhetorical term I've critiqued before. The "solution" they want, whether through mandatory legislation or voluntary adoption, is for technology companies to weaken their encryption by adopting some form of key escrow.
The risks of key escrow systems have been well-documented for many years, and their adoption would negatively impact U.S. economic interests and data security. Yet Rosenstein and Wray dangerously ignore or downplay these risks while failing to acknowledge that a key escrow system would not necessarily deliver the benefits they envision. Meanwhile, numerous less-risky alternative sources of digital evidence already exist or are in development.
If public debate over their "responsible encryption" proposals is to be at all meaningful, Rosenstein and Wray must offer concrete proposals instead of rhetoric, and must acknowledge the trade-offs their proposals would entail. The PDF of the paper is available here.