Encryption helps human rights workers, activists, journalists, financial institutions, innovative businesses, and governments protect the confidentiality, integrity, and economic value of their activities. However, strong encryption may mean that governments cannot make sense of data they would otherwise be able to lawfully access in a criminal or intelligence investigation.
In the 1970s, and again in the 1990s, the U.S. government struggled with tradeoffs between its surveillance/law enforcement missions (potentially thwarted by crypto) and its information assurance/crime prevention missions (furthered by crypto). In the main, these debates, known as the first two “crypto wars,” were resolved in favor of allowing the proliferation of strong crypto.
Today, the crypto policy issue has resurfaced. American legislators and intelligence officials rushed to blame encrypted communications applications for enabling the terrorist attacks in Paris and San Bernardino in late 2015, without any supporting evidence. The Director of the FBI and officials in the European Union chide companies such as Apple and Google for using cryptography architectures that the companies are unable to decrypt for law enforcement. The Manhattan District Attorney and the UK Prime Minister have called for such architectures to be prohibited by law, and U.S. Congress members have proved receptive to these requests. In secret, meanwhile, the intelligence communities in the U.S. and abroad are invested in breaking popular encryption schemes, stealing encryption keys, and finding ways to circumvent communications security protocols.
Together, these efforts and others comprise the third round in the crypto wars. CIS’s Crypto Policy Project, which receives funding from the Stanford Cyber Initiative, investigates and analyzes the policy and practices of the U.S. and foreign governments for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts. The project’s interdisciplinary approach includes technical analysis of policy proposals for encryption design, contributed by cryptography researchers in the Stanford Computer Science Department’s Applied Cryptography Group. The project also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.