In the movie Groundhog Day, Bill Murray’s character is stuck in an endless loop, reliving the same day over and over again. It’s not until he actually does something different that he breaks the loop.

That’s where we are in the encryption debate. On one side the encryption advocates talk about the critical role it plays in data privacy and security: safeguarding online communications, enabling free speech, and protecting financial transactions, among other things. On the other side, governments and law enforcement want a way to access encrypted communication to protect the public, prevent the spread of child sexual abuse materials, and stop terrorist attacks and other crimes.

Both sides have tweaked the messaging over the years but for decades it’s been the same endless loop. Law enforcement needs to break down the challenges and come to the table with an open mind. Encryption advocates need to recognize the challenges that law enforcement face and also have an open mind for these discussions. Maybe if both groups work together, break the bigger challenges into smaller ones, they can create solutions and break the loop.

The report released today from the Center for Cybersecurity Policy & Law, Reframing the Conversation: A Deep Dive into the Encryption Debate looks at the history of the conversation around encryption, and how we might reframe it to break out of this loop. Governments and law enforcement must take a practical, incremental approach to policies and legislation that affect law enforcement and online security, rather than mandating ubiquitous surveillance that can circumvent encryption. And encryption advocates must find ways to partner on our shared goal to prevent, investigate, and prosecute these crimes.

The report:

  • Examines the historic discussion and arguments around encryption policy;
  • Reviews recurring themes among proposals in the context of current policies and legislation;
  • Establishes how the modern encryption debate should proceed; and
  • Addresses the potential challenges should the discourse remain unaltered.

Heather West, Zack Martin & Ivy Orecchio

Read Next

Risks Associated with IT Monoculture Needs Further Examination

IT concentration risk is a relatively new term but due to recent cyberattacks it has been front and center. To examine the issue the Center conducted an exercise to look at the threats of IT concentration risk and offer recommendations.

Addressing Concentration Risk in Federal IT

The Center conducted a multi-stakeholder tabletop exercise in April to explore a form of concentration risk where a single software, configuration, service, or hardware becomes dominant in an ecosystem.

Protecting Network Resiliency

Vulnerabilities, flaws, or misconfigurations in the network device ecosystem can have a devastating effect. To prevent this, the Network Resilience Coalition is making recommendations on best practices for both vendors and consumers.