NASEM Report: Adding Government Access to Data Weakens Encryption Security
Adding government access to data weakens the security of encrypted products and services, but absence of access hampers official investigations, said a report issued Thursday by the National Academies of Sciences, Engineering and Medicine. It was meant to inform policymakers and the technical community when deciding government authorization to access encrypted data, NASEM said in a release. The report results from an 18-month effort from a group that includes law enforcement, computer science, civil liberties, law and other disciplines, it said. “Our hope is that this report and the framework it presents will cut through the rhetoric, inform decision-makers, and help enable an open, frank conversation about the best path forward,” said Fred Cate, a law professor at Indiana University and chair of the committee that wrote the report, in a statement. NASEM said the framework can be applied to regulatory requirements for when “a manufacturer has to ensure lawful access to their products”; funding decisions to support government access; and other details. The report lists several challenges for lawmakers in the debate, including incomplete information about encryption’s impact on investigations and limits in measuring security risks. BSA Senior Director-Policy Tommy Ross called the report “one of the most important analytical examinations of this issue since the debate began.”