everything you've ever wanted to know about encryption › ... ›...
TRANSCRIPT
cfr.org/cyber
0000 1111 8888 9999
Bank card
Everything You've Ever Wanted to Know About Encryption
I’ve heard a lot in the news about encryption. What is it?
Encryption uses math to scramble data to protect it from prying eyes. To read encrypted data a person must have a unique key or password to unscramble the data making it legible.
So if encryption is good for us, what’s the debate?
Some tech companies are launching products that automatically encrypt data in a way that only the user can decrypt. Silicon Valley, computer scientists, and activists argue that more encryption keeps data and people safe.
Law enforcement argues that automatically encrypting data will make the contents of a message between two suspects in a criminal investigation impossible to read.
It keeps credit card information safe when purchasing something online.
It keeps data, such as documents, health data, and financial records private.
Why does law enforcement want access to some data?The ability to decipher encrypted communications could enable law enforcement to:
It keeps classified information secret.
Obtain operational details or evidence of terrorist plots, espionage,
or other criminal activity.
Gather evidence. Act quickly in emergency situations, such as when someone’s life is in
immediate danger.
It is impossible to create a method that only allows law enforcement to decrypt data without giving that same capability
to criminals and terrorists.
Lawful hacking
Law enforcement should have the ability to hack into a suspect’s smartphone or computer with a court order using
existing software vulnerabilities, instead of requiring companies to maintain a decryption capability.
Develop a national capacity to decrypt data
Encryption poses a bigger challenge to state and local law enforcement than it does federal agencies. Creating a national decryption capability could provide them with the necessary
resources and capabilities to decrypt data.
If technology companies in the United States are required to maintain a
decryption capability, it makes it harder for those same companies to resist similar
demands from other countries.
Requiring U.S. tech companies to maintain a decryption capability will not prevent malicious actors from obtaining strong
encryption software elsewhere.
Where can law enforcement attempt to access encrypted data?
What are the arguments against requiring tech companies to maintain the ability to decrypt data for law enforcement?
What alternatives have been proposed to help law enforcement access the data they seek?
MASTER
KEY
!@#*$&^@^%>:”+_?
In transit In the cloudFrom the device
Tech Corp ¸£™§¶• &#*$!&@?
evidence
In transit In the cloud
Where does encryption occur?
On a device
Collecting Metadata
Internet-enabled devices emit metadata. A smartphone emits location data and information about the other devices with
which it communicates. This metadata can help law enforcement investigate leads and bypass an encryption hurdle.
Increase police tech literacy
Recognizing how and when encryption occurs—on the device, in transit, and in the cloud—may help law
enforcement access the data it needs.
EN
CR
YP
TION
001101011100101011110010100010100101100101011010100110100101011110010100100101011110010100
001101011100101011110010100010100101100101011010100110100101011110010100100101011110010100
Tech Corp
WARRANT