In-brief: the first step on the road to recovery is admitting you have a problem. The U.S. Congress has done that with its recent report on the roiling encryption debate within policy circles.
As we know from 12-step programs, the first step on the road to recovery is to admit you have a problem. After years of dysfunction and denial in regard to information security, it looks as if the U.S. government is finally taking its first steps down that long road.
As noted over at The Guardian, the U.S. House of Representatives’ Homeland Security Committee last week released a 25-page white paper that provides an assessment of the U.S. government’s past work in the area of data privacy and information security, the needs of the future and a likely path forward.
As The Guardian notes in its article, the document, Going Dark, Going Forward: A Primer on the Encryption Debate (PDF) does not claim any magical solution to the fight over encryption software, but it does provide a pretty good recap of ancient and recent history and, with measured language, offers criticism of recent efforts by Congress and The Whitehouse to “legislate their way out of the encryption debate,” as The Guardian puts it.
[Read more encryption coverage on The Security Ledger.]
The report, which was the product of a year’s worth of research, and which was presented by House Homeland Security Chairman Michael McCaul (R-TX) and Senator Mark Warner (D-VA), proposes the creation of a National Commission on Security and Technology Challenges (or “Digital Security Commission”) that would assemble nationally recognized experts on digital security to “develop policy and legislative recommendations to present
The report is seen as the first step in that process, serving as a reference document on the way to new laws that will “forge a national consensus on solutions that preserve American innovation, strengthen our competitiveness, and preserve the rule of law.”
It also lays out recommendations for lawmakers who would transcend the in-fighting and scaremongering that has reduced the terms of the debate to repeating volleys of warnings about “surveillance states” and “going dark.”
Among the conclusions of the report:
- Everybody’s right on encryption: encryption plays a vital role in modern society, and its use in digital communications and data management is simply a “fact of life,” the report notes. That said, law enforcement entities “face real and persistent challenges when they encounter encrypted communications during the course of investigations and prosecutions.” The question is not so much “privacy versus security,” but “security versus security,” the report concludes.
- Legislative “solutions” proposed so far come with “significant trade-offs, and provide little guarantee of successfully addressing the issue.” Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix.
- Parties on either side of the debate – privacy vs. security, law enforcement vs. tech-need to “engage one another in an honest and in-depth conversation in order to develop the factual foundation needed to support sustainable solutions.” The encryption debate, after all, is just a small part of a “larger question of ensuring that law enforcement and national security efforts keep pace with technological advancement without undermining American competitiveness and American values.”
The final message is one that might have been borrowed from Hillary Clinton’s presidential campaign: we’re better together than apart when it comes to solving these thorny issues around privacy, security and the role of technology.
Check out the Guardian article here: US efforts to regulate encryption have been flawed, government report finds | Technology | The Guardian.