Report Canvases Importance of Maintaining Robust Encryption Despite Mounting Pressure for Exceptional State Access
Encryption is vital to maintaining the integrity of communications and computing systems in modern life. It is not only essential for securing trust in e-commerce systems, but also, in the digital age, integral to the realization of a wide range of human rights. In spite of the critical importance of encryption, some law enforcement and intelligence agencies view cryptography as a barrier to their investigative and intelligence-gathering activities, and have therefore called for limits on the public availability and use of uncompromised and secure encryption. This paper seeks to examine the parameters of this debate, with particular attention to its Canadian components and implications.
In a sweeping report, launched today by CIPPIC in conjunction with our friends at the Citizen Lab, we canvass the importance of cryptography, historical and current attempts to undermine its utility in order to facilitate law enforcement and public safety objectives, and the legal implications of these attempts.
We begin with a brief primer on encryption: how it works, what key concepts and principles are central to its functionality. Improving literacy in relation to encryption is generally important, and specifically relevant to this discussion because many suggested solutions or evaluations of encryption systems are incorrectly assessed or simply misunderstood due to a failure to grasp some technological realities that are implicit to the nature of encryption and how it operates. As such, Section One of this paper explains key terms and provides a high level overview of central encryption processes.
In its general description of encryption, the section outlines some of the high-level hallmarks of a truly secure encryption system. The most secure encryption places strict limits on who can decrypt data. Ideally, only those individuals whose devices are being secured, whose data is being stored, or who are party to a communication will have the ability to decrypt the data at issue. In this sense, excluding third parties such as service providers from decryption capabilities removes complexities and centralized points of failure that can be exploited by malicious third parties or state actors alike. In addition, secure encryption seeks to compartmentalize compromise, meaning that if an adversary succeeds in compromising one encrypted interaction, they will not automatically be able to compromise historical or future interactions without additional or ongoing intrusion. The section closes with an examination of the limits of encryption, which cannot obscure all data. Notably, there are some types of highly revealing datasets that are unlikely to be protected by encryption. Such datasets cannot be fully obscured from third parties through full encryption, either because they are necessary for the processing of various communications or because various business models rely on the ability to access and analyze such data, which cannot occur if it is encrypted in a manner that is secure against everyone other than the individuals to which the data pertains. These realities place a practical limitation on the ability of secure encryption to confound investigative or intelligence-gathering objectives.
Following this explanatory overview, Section Two synthesizes the many ways in which encryption is critical to modern life. It begins with an overview of the close ties between secure encryption and rights protected by the Canadian Charter as well as in international human rights, with a particular emphasis on the right to privacy and the right to free expression. As a starting point, encryption remains one of the few pragmatic limitations on mass surveillance at a time where agencies feel increasingly unrestricted—from a technical and a legal perspective—from gathering any and all the digital interactions and data of foreigners as it transits the global information infrastructure. While some individuals are able to assert various level of privacy rights against their own governments, their ability to legally limit foreign agencies from indiscriminately monitoring everything has so far been limited. Encryption, then, is intricately tied to maintaining any expectation of privacy against increasingly pervasive and indiscriminate surveillance carried out by other states’ agencies. In the digital age, robust encryption is intricately tied to the right to privacy. Growing awareness of foreign intelligence mass surveillance practices has also led to measurable chilling effects, with particular impact on those seeking to express or research dissenting views. Encryption can provide some measure of confidence against this backdrop of known pervasive foreign-facing surveillance, ameliorating these chilling effects. Purposefully undermining the security of encryption for the purpose of facilitating lawful state access, by contrast, would magnify these chilling effects, as individuals will be left with minimal confidence that any digital interactions can be carried out without the tangible risk that some state agency somewhere will record it.
The salving effect that encryption can have on chilling effects is important for privacy protection, while also implicated the right to free expression in efforts to undermine secure encryption. This nexus between uncompromised encryption and free expression is reinforced in other contexts as well. For example, encryption is an integral component of most digital anonymization tools. Compromising encryption mechanisms can therefore undermine anonymous discourse and interaction in digital networks, a hallmark of free expression. Robust encryption is especially critical to a free press, which relies on its ability to interact securely with anonymous sources. A documented decrease in the willingness of government sources to interact with journalists in the wake of the Snowden revelations of unchecked foreign intelligence surveillance is greatly troubling from a freedom of expression perspective. Finally, encryption is critical to bypassing censorship mechanisms in repressive regimes. By obscuring the specifics of digital interactions, automated state censorship mechanisms are deterred in their attempts to identify the specific interactions that are their objects, rendering censorship more difficult if not, in some instances, impossible. Of course, this only holds true if the encryption mechanisms at issue are secure against compromise by the state, further strengthening the links between free expression and secure cryptography.
Encryption is more generally important to democracy and participation in modern life. Vulnerable and marginalized groups are disproportionately impacted by the chilling effects of surveillance, and experience great pressure to self-censor and exclude themselves from various discourses. This pressure is highly interlinked with the inability to participate anonymously or without some assurance of confidentiality. Many vulnerable or marginalized groups are also subjected to increasingly sophisticated technical threats in their daily lives. For example, technology assisted domestic partner violence is increasingly facilitated by inter-personal surveillance. Individuals who have publicly engaged in digital spheres in defence of marginalized perspectives have also been subjected to severe online abuse, and have had their devices and accounts compromised by those who would silence them. Uncompromised encryption systems foster the security necessary for meaningful inclusion, democratic engagement and equal access to the digital sphere. Finally, human rights activists, whose societal value is often closely tied to their contributions to the expressive and democratic discourse, are also especially dependent on the ability to rely on robust encryption. Encryption can help secure human rights activists against surveillance, particularly by repressive regimes, and also to prevent emerging attempts to attack the public character of human rights activists, such as through the false attribution of statements.
In addition to its close ties to human rights, uncompromised encryption is increasingly critical to e-commerce, public safety, national security and a range of other interests. Trust in e-commerce platforms is reaching all-time lows following repeated high profile breaches that have exposed individuals’ sensitive financial information, interactions on dating sites, and health conditions. Companies themselves are facing growing security costs in an era where network compromise can Robust encryption is a critical component of any effective cybersecurity system and, as such, to diminishing the frequency of such incursions. For related reasons, encryption is critical to cybercrime prevention. Where encryption is weakened or compromised to facilitate state access, such compromises can be exploited by others to facilitate identity theft, stalkerware, attacks on critical systems, and even digital bank heists. Finally, uncompromised encryption is critical to the work of law enforcement and intelligence agencies, who must be able to carry out their various digital investigations with anonymity, confidentiality and security.
Having provided an overview of the importance of robust encryption to a range of societal interests, Section Three of the report outlines historical attempts by the state to control the public dissemination and use of secure encryption, dividing its account into four somewhat distinct eras. Historically, intelligence agencies such as the United States National Security Agency (NSA) tightly controlled the public availability and dissemination of secure encryption through its exertion of direct influence within the cryptography community, through pressure applied directly in the development of encryption standards and through the use of export controls that, by prohibiting anyone from exporting encryption tools or software that did not meet strict limitations, deterred companies from exceeding those limits out of concern it would effectively limit their market. Most limitations during this era focused on ensuring commercial encryption used weak (and ultimately breakable) cryptography key lengths.
However, with the broad adoption of the Internet, encryption became an increasingly critical tool for non-military purposes and traditional mechanisms of control rapidly eroded. As a result, cryptography policy emerged as a hotly contested issue, ushering in an era often referred to as the ‘crypto wars’. Governments began to acknowledge the need for publicly available cryptography with unbreakable key lengths, but demanded that a ‘back door’ be included so that law enforcement and intelligence agencies will retain their surveillance capabilities. Crystallizing in a US proposal called the Clipper Chip, these proposals failed in the face of wide-ranging opposition from the technical community and civil society in general. The Clipper Chip critically undermined the very encryption protections it purportedly offered, ultimately doing little more than replacing one form of cryptography restriction (limitations on key lengths) with another. Court challenges further undermined the ability of states to restrict broad dissemination of uncompromised encryption as export restrictions in the United States were found to impermissibly restrict cryptography researcher’s freedom of expression. Following these developments, cryptography experienced a decade or so of relatively unhindered development in Canada, the United States and Europe. Beginning in 2010, however, investigative agencies in the United States led by the Federal Bureau of Investigations (FBI) began to renew calls for restrictions on publicly available encryption, invoking the ‘going dark’ narrative. This narrative claims that the growing public use of encryption is contributing to an increasing gap between data that state agencies are lawfully authorized to obtain and their practical ability to do so. Ignoring the importance of encryption to the full realization of a growing set of values and interests, high level officials in Canada, the United States, the United Kingdom and Australia have issued increasingly vociferous demands for limits on secure encryption, setting the backdrop for the current debate surrounding encryption policy.
The remainder of the paper critically analyzes the current encryption debate, with special attention to its Canadian parameters. Section Four seeks to outline and assess the full spectrum of legal and policy responses to the perceived encryption ‘problem’, including historical examples, present-day proposals and emerging uses of legal powers. While different state measures raise different concerns in terms of their proportionality and negative impacts, this section posits a range of factors that, all other things being equal, are helpful in evaluating whether a particular measure is proportionate, contextually appropriate and constitutionally sound. Of these many factors, three are perhaps most salient in assessing various measures: (1) whether the measure in question is truly targeted, as opposed to whether there is the possibility of larger-scale, systemic impacts on the rights and interests of uninvolved parties; (2) whether there is an element of conscription or coercion which may raise an issue of self-incrimination or unfairly impact the interests of a third party; (3) whether, in considering all the factors, the response remains both truly necessary and truly proportionate.
The section divides its analysis of state responses to perceived challenges raised by encryption into three categories, loosely based on the predominant object of the measure in question. The first category focuses on critiquing state mechanisms directed at the broader availability of encryption to the general public. Such measures target encryption itself, seeking to limit the non-military availability of certain types or grades of encryption or, at times, certain specific implementations. Second, we review measures directed at intermediaries and service providers. These measures typically call on service providers to assist law enforcement in decrypting communications, but do not purport to hinder the availability of secure and uncompromised encryption, although some measures fail to achieve this standard. Third, we describe and evaluate measures that target specific encrypted devices, accounts or individuals in their implementation. This will often include measures designed to enlist an individual in the decryption of their own device or account.
The first category examines state measures that are expressly directed at reducing the public availability of secure and uncompromised encryption. Such measures can take many forms including, the outright criminalization of encryption or certain encryption mechanisms, or attempts to censor certain applications that employ encryption. Other less direct measures, such as the imposition of export controls on various encryption mechanisms, are not only intended to prevent the availability of affected encryption in other jurisdiction, but also to deter its development domestically. Finally, some government agencies will attempt to undermine the public availability and use of secure encryption by secretly subverting encryption standards and protocols at the development stage. Where hidden backdoors or weaknesses are successfully incorporated directly into core encryption standards, these can later be exploited by agencies seeking to access any device, communications mechanism or stored data repository that relies on them.
Measures in this first category frequently fail to meet their objectives, often with serious negative unintended consequences. Where popular digital tools are banned due to their use of encryption, or where covertly inserted encryption backdoors are discovered, it can lead to strong and wide-ranging public opposition. Such measures also face practical barriers, as encryption mechanisms succeed in bypassing censorship measures and the Internet renders globally available and disseminated encryption tools difficult to block. Many attempts to censor or criminalize encryption also meet with strong legal resistance, as many courts have proven unwilling to ban all use of a tool on the basis that a tiny fraction of those using it might to so to plan criminal conduct. Pragmatically, such measures often miss their target, as those already inclined to carry out undesirable conduct (be it political criticism or planning of criminal conduct) will often take advantage of options to bypass them. Where this occurs, the ultimate outcome is to rob law-abiding citizens of secure digital tools while still failing to meaningfully deter their use by criminals. Finally, some attempts at censoring of encryption tools have led to substantial collateral impact, as unrelated websites and services are blocked even while the targeted tools remain intact.
The second category of state measures target intermediaries, service providers and manufacturers, seeking to leverage their respective roles in developing, distributing and operating consumer-facing technology to create decryption opportunities. Such measures can be imposed through various means, including through regulatory instruments such as licensing obligations, through the use of court orders designed to enlist the assistance of an intermediary or other service provider. At times, measures in this category are achieved by securing voluntary compliance from private sector entities, often through the use of political or co-regulatory pressure. These types of measures can undermine the trust relationship between customers and service providers, and chill reliance on various services for digital activity. It can also impose heavy costs on services and undermine other important values such as innovation and competition.
Measures in this category can amount to de facto limits on the public availability of encryption where they put in place conditions that render it impossible for service providers to adopt certain types of uncompromised encryption, or otherwise undermine encryption at a systemic level. Examples of this include situations where a service provider is ordered to decrypt customer communications or data, and does so by providing state agencies with at ‘master’ decryption key, permitting the recipient state agency to decrypt all future customer interactions on its own initiative. Another example would be where a company is compelled to assist a state agency in accessing a customer’s device or data, but can only do so by re-engineering new weaknesses into its products. Such measures implicate the same policy implications as those in the first category, in that they prevent the public availability of secure and uncompromised encryption. The same weaknesses introduced by such measures can be exploited by malicious actors and given their systemic impact, the implicate the broader human rights considerations that accompany a reduction in the ability to interact securely in the digital era.
The most controversial measure in this second category is referred to as ‘exceptional access’, which refers to an aspiration that service developers can create a means of communications that is secure against the world, but allows properly authorized state agencies an exceptional capability to access data in its decrypted form. State agencies or officials that advance this solution often place the burden on service providers or the technical community to simply ‘find a way’ to achieve exceptional access that is also secure. However, the universal consensus amongst technical experts is that no such solution is possible. Access cannot reasonably be anticipated to remain ‘exceptional’, and will in time be compromised by malicious or unintended third parties. While some cryptographers have sought to develop mechanisms that minimize the chance an exceptional access mechanism will be compromised, these solutions inevitably introduce serious complexity and accompanying challenges relating to secure implementation. In other instances, solutions pointed to as ‘proofs of concept’ simply do not scale to the level of usage that they will need to achieve if they are to functionally facilitate state agencies’ needs. Further, many existing and widely secure communications and data services are inherently inconsistent with these exceptional access measures, and will need to either fundamentally evolve or face outright censorship if exceptional access were to become a legal obligation. Ultimately, such measures are distinguishable from those in the first category (and the implications that accompany them) only in rhetoric, not in reality.
The third category of state measures seek to enlist specific individuals in the decryption of their data, devices or accounts. Most of these measures involve compelling individuals to provide encryption keys or passwords for the tools or mechanisms encrypting their data. Courts have recognized that this type of measure is controversial in that it engages the constitutional right to silence and related prohibition on compelling individuals to self incriminate. Relying on highly diminutive analyses of the doctrine of self-incrimination, some have argued that the protections in question should not apply to some increasingly common decryption mechanisms, such as fingerprints or facial scans. However, courts have historically adopted a purposive approach to the application of these rights, one focused on preventing situations where an accused is legally compelled, on threat of criminal sanction, to participate in the investigation of their crime. This purposive approach should not be hindered by overly formalistic distinctions such as whether decryption occurs by password or fingerprint. Additional challenges remain surrounding the extension of such protections to areas where privacy or criminal jeopardy has not historically enjoyed the types of protection it should. For example, can individuals be compelled to unlock their devices on arrest or when crossing an international border? Ultimately, given the substantial privacy and related interests implicated by compelled individual decryption, these category of measures should have limited application.
Following this assessment of the various measures a state might employ to directly target encryption, Section Five examines whether there is even any need for such responses in the first place. To begin with, encryption rarely presents an absolute guarantee of security, and state agencies already rely on an array of powers and techniques to bypass encryption without directing new policy initiatives at encryption mechanisms. In some instances there is a financial or resource cost associated with employing these techniques, but these pragmatic costs pale in comparison to the human rights impacts associated with their alternative. In other instances, these techniques raise additional problems and are in and of themselves unwise or unjustifiable. Even where encryption does actually prevent state agencies from accessing some data in some contexts, the bigger picture must be examined before drastic measures are taken to undermine what is inherently a public good. This bigger picture necessarily demands a holistic examination of modern day policing and intelligence-gathering, and must account for the vast new and emerging data sources routinely gathered and used by intelligence agencies.
As a starting point, encryption is best thought of as investigative friction, not investigative impossibility. With sufficient exertion in terms of time and resources, many encryption barriers can be overcome through various endpoint hacking techniques. Resource costs associated with overcoming this investigative friction should be viewed more as imposing (or even ‘restoring’) a pragmatic incentive to reserve encryption workarounds to instances where priorities truly justify such intrusion. Different types of attacks might take different levels of sophistication, exertion and pre-developed technical capabilities. Some of the more sophisticated capabilities will likely remain within the purview of intelligence agencies for the foreseeable future, as they require intrusion on a level that falls outside what domestic law enforcement agencies can typically undertake. However, intelligence agencies are increasingly empowered to provide technical assistance to domestic law enforcement in ways that could mitigate these historical limitations. Moreover, some decryption capabilities are increasingly becoming available to law enforcement agencies. The FBI, for example, has developed units dedicated to developing internal endpoint hacking capabilities and working relationships with third party exploit vendors to facilitate quick access when a new encryption obstacle needs to be bypassed. As another example, various local law enforcement agencies in the United States have acquired a relatively low-cost and portable tool called GrayKey which can reportedly unlock iPhone devices using the most recent versions of Apple’s operating system.
While many of these methods are highly intrusive, particularly when deployed remotely, many are undeniably part of many law enforcement and intelligence agencies’ current toolsets. Ignoring these capabilities while calling for more direct laws regulating encryption or its use might lead to reactionary policies that are ultimately unnecessary. For example, the FBI infamously advanced one of the San Bernardino’s encrypted and locked personal iPhone as a test case seeking a novel decryption order against Apple. In the end, the US DOJ’s Auditor General found that an FBI unit was aware of a third party vendor with known exploits against the device already under development. The phone was unlocked without the need to resort to a court order that, if issued, would have undermined the security of all iPhones using the same operating system.
Ultimately, however, encryption will inevitably occlude some data from state and intelligence agencies in some contexts. This does not, however, translate into the insurmountable investigative barrier that is sometimes presented in public discourse surrounding the ‘going dark’ concern. Far from going dark, law enforcement and intelligence agencies have access to more information about individuals’ private lives today than at any previous moment in human history. This data deluge more than offsets any impediment that encryption might pose to the state in achieving its various objectives.
The modern trend is undeniably and predominantly towards creation of new and more deeply revealing data sets, not the minimal occlusion of some data sets and some devices that accompanies broader adoption of encryption. The drivers of this trend include the significant business incentives that favour the greater creation and aggregation of data in format accessible to service providers and other third parties. Second, however, the creation of new and richer datasets is a seemingly inherent trait of the growing digitization of modern life. Networked refrigerators, thermometers, televisions, cars and pacemakers all create records of activities that were previously ephemeral. Canadian law enforcement and intelligence agencies have the tools and, increasingly, the capabilities to fully exploit these and other data sets to achieve their objectives. At times, the offset created by these new and emerging datasets is direct. Trends favouring ‘cloud’ based data backup allow state agencies to access data that is otherwise locked on an encrypted device. Metadata can identify the file downloaded or online video viewed by an individual from a website, even if the individual’s interaction with that website is encrypted in transit. At other times, the offset is less direct. Open Source intelligence harvests information from publicly available sources such as social media. Such information cannot always be occluded by encryption, as it is intended for public audiences. Yet it has been leveraged by state agencies in increasingly revealing ways to provide deep investigative insights. The digital environment also creates many efficiencies for law enforcement agencies. For example, undercover activities can be carried out with far greater ease than is possible in the physical world (not without some controversy).
Measuring the empirical impact of encryption and this corresponding offset on investigative objectives is difficult, in part because state agencies do not systematically publicize data on the challenges they face or the digital data they collect. What data is available, however, strongly suggests that, far from decreasing to crisis levels, Canadian law enforcement per incident clearance and charge rates have increased since the dawn of the new millennium. This strongly suggests that, all other factors being equal, the growing adoption of encryption in recent years has done little to undermine the capacity of law enforcement to carry out its objectives.
The case for adoption of drastic measures against encryption has simply not been made. In light of the potentially far-ranging negative implications of any such measures, their adoption should be firmly avoided.
Tamir Israel, Staff Lawyer, CIPPIC