A report released yesterday by the Berkman Center for Internet & Society at Harvard University addresses the recent debate over the use of encryption in communications technologies and its impact on government access to communication data. The report focuses on the U.S. government’s use of the “going dark” metaphor to describe recent decisions by several major providers of communications services and products to enable end-to-end encryption on their applications, operating systems, and mobile devices.
According to the report, the government’s use of the “going dark” metaphor to describe this phenomenon dates back to at least 2010, when the FBI’s then-General Counsel Valerie Caproni used the term in testimony before the Senate Judiciary Committee. The report acknowledges that views on encryption differ within the government, and that the Obama administration announced in October 2015 that it would not pursue legislative action to force companies to decrypt data in response to government requests. It notes, however, that several recent statements by FBI Director James Comey and others in the law enforcement and intelligence communities have expressed concern that encryption technologies inhibit access to communications even when the government has the legal authority to access them. This, in turn, could limit the government’s ability to prevent terrorist attacks or investigate and prosecute criminal activity.
But the report questions the use of “going dark” to describe trends in communications technology, concluding that it “does not fully describe the future of the government’s capacity to access the communications of suspected terrorists and criminals.” Instead, the report discusses three trends that suggest that, contrary to the “going dark” metaphor, some communications are “more illuminated now than in the past and others are brightening.” First, companies likely will not employ encryption as ubiquitously as the government fears because access to user data is critical to certain products or services and because encryption can add complexity to the user experience. Second, products are increasingly offered as centralized services, often utilizing cloud storage, which “lends itself much more to monitoring and control” than the product-based model. And third, the increasing ubiquity of network sensors embedded in everyday objects as part of the Internet of Things are “prime mechanisms for surveillance.”
The report concludes with a call to refocus the debate over encryption to “appreciate these trends and to make thoughtful decisions about how pervasively open to surveillance we think our built environments should be—by home and foreign governments, and by the companies who offer the products that are transforming our personal spaces.”