The Spectrum of Encryption: Safety and Security Considerations
August 31, 2020
Encryption is a critical tool to protect sensitive information, prevent cybercrime and digital fraud, and authenticate digital transactions. However, the global encryption policy landscape is fracturing, with different countries pursuing different approaches to encryption through both legal and technical means. With authoritarianism on the rise around the world, encryption policy debates are about more than securing data. How different countries address the question of access to encryption will shape how global companies build their products, which will have significant implications for the tools and choices available to a wide range of users around the world. For vulnerable groups, both recoverable and unrecoverable encryption can be an essential means to protect communications and activities from repressive regimes, criminals, hate groups, and other bad actors. But malicious actors can also utilize encryption to hide their activities from law enforcement and security agencies. While average, everyday users have interests and needs in using encryption, the CSIS research team focused on a subset of user communities that, taken together, illuminate the trade-offs inherent in encryption policy choices. This study explores these issues through the lens of key encryption user groups (independent voices; at-risk groups; businesses and organizations; foreign policy; and terrorists, extremists, and hate groups), their governments, and U.S. values and interests. Its findings illuminate the central trade-offs policymakers face and demonstrate that decisions surrounding when, where, how, and by whom encryption is used should be more nuanced than an all-or-nothing approach.
CSIS received a financial gift from Facebook in support of research on encryption safety and security.