With the spread of encrypted communications, countries must balance privacy, security, and safety. To shed light on the trade-offs policymakers face on when, where, how, and by whom encryption is used, CSIS presents a dynamic, user-centric breakdown of these considerations.
The global encryption policy landscape is fracturing, with different countries pursuing different approaches to encryption through both legal and technical means. Encryption serves a variety of purposes for individuals, governments, and organizations in protecting their data and information, whether “at rest” when stored on computers, smartphones, and other devices or “in transit” in communications between users, devices, and applications.
In the past, most commercially available encryption allowed the service provider to decrypt users’ data or communications (called “recoverable encryption”) if necessary. These service providers range from telecommunications providers to device makers, operating system (OS) providers, and app companies. Today, however, both major OS families (Android and iOS) and a growing number of instant messaging companies have implemented unrecoverable encryption, which can only be accessed with the user’s private key.
Uses of this kind of unrecoverable encryption for communications and mobile device storage include:
Person-to-person Communication: Encrypted messenger apps, voice calls, and email services allow users to communicate instantly and relatively securely, for both personal and professional use.
Groups and Community Building: The group chat feature offered by many encrypted instant messenger apps provides all types of groups and communities the ability to communicate and connect continuously with fellow members.
Broadcasting and Information Dissemination: Encrypted communications apps can function as broadcasting channels for the instant dissemination of information to hundreds or even thousands of users.
Coordination and Mobilization: Secure messaging enables users and groups to plan, coordinate, and execute tasks and operations across geographic areas and to mobilize members for specific courses of action.
Content Sharing: Encryption can be used to securely store and share photos, videos, documents, and other digital material via messenger apps, online cloud sharing, and digital “drop boxes”
Commerce and Financial Transactions: Encrypted peer-to-peer (P2P) payment platforms enable direct and secure payments, money transfers, and commercial transactions between users and organizations.
Policymakers in the United States and other democratic countries face several dilemmas related to these uses of encryption; this has become known as the “Going Dark” problem. Citizens in liberal democratic countries expect a right to privacy, including communications and correspondence. However, law enforcement and security agencies must contend with forms of encryption that make it difficult or impossible for them to access data that could be relevant to ongoing criminal or national security investigations.
Resolving this conflict between protecting privacy through encryption and the interests of justice and national security requires understanding the users of encryption along with the various policy environments that have evolved around them.
Nations are pursuing various approaches to govern encrypted data and devices. Autocrats often mandate the design of technology to ensure government access to their citizens’ information. But for the United States and other democratic nations, constitutional tenets and dedication to civil liberties make design mandates for encryption technology untenable.
Encryption helps protect individuals or groups from malicious actors or governments. At the same time, most democracies want lawful access to data to protect the safety and security of these same residents. How the United States and other governments choose to govern digital content and the use of encryption will define the technology ecosystem in which states, organizations, companies, and individuals operate.
Ordinary people are daily users and consumers of encryption and secure communications products. However, there are five user communities that, taken together, illuminate the trade-offs inherent in encryption policy choices.
Although all these user groups rely on encryption, their priorities vary. Some are most interested in securing personal communications or building private communities. Others are focused on protecting financial transactions.
While encryption is employed by each user group, the daily reality each group faces varies by circumstance and geographic location. For example, several autocratic countries target LGBTQ+ groups and journalists, whereas liberal democracies generally do not. Violent extremist actors may find safe harbor in encrypted channels in societies with strong norms and laws on individuals’ right to privacy.
The encryption policy environment adds the final layer of complexity to user dynamics. Authoritarian regimes such as China and Russia combat encryption to control their populations and further intelligence goals. In contrast, advanced democracies such as Australia and Germany work within established legal limits to access encrypted data from suspected criminals, terrorists, or other malign actors.
The encryption policy choices made by individual countries can have global implications. Companies, organizations, and peoples seeking to communicate or transact across borders will be affected by the patchwork of policies now in place or under development. On behalf of these citizens and businesses, the United States has a vested interest in working toward global governance standards and norms for encryption.
The United States should pursue a nuanced approach to encryption, both at home and in its foreign policy. By considering both the constructive and problematic roles encryption can play, U.S. policymakers can more deftly balance privacy, security, and safety along the spectrum of options.
Lindsey R. Sheppard
Fellow, International Security Program
Lindsey Sheppard is a fellow with the International Security Program at the Center for Strategic and International Studies (CSIS), where she focuses on emerging technologies and security applications. Her research areas include artificial intelligence, machine learning, defense innovation, and technology ecosystems. Ms. Sheppard contributes expertise in modeling and simulation, system architecture and design, electronic warfare, and radar from five years of experience in defense research and development. Before joining CSIS, she was a member of the technical staff at the Charles Stark Draper Laboratory and the Georgia Tech Research Institute, during which time she served as the systems engineering lead on multiyear efforts building simulation capabilities to evaluate technology and deployment solutions to support military operations. She holds an M.S. and a B.S. in aerospace engineering from the Georgia Institute of Technology.
Fellow, International Security Program; Transnational Threats Project
Brian Katz is a fellow in the International Security Program at the Center for Strategic and International Studies (CSIS). His research agenda focuses on the intersection of intelligence, national security, and technology, including the integration and implications of emerging technologies; adapting intelligence to the future of counterterrorism; and the role of intelligence in policymaking, strategy, and military operations. He also frequently writes on Middle East security issues, counterterrorism, nonstate actors, and proxy warfare. Mr. Katz served as a visiting fellow at CSIS from 2018-2019 through the Council on Foreign Relations International Affairs Fellowship program. He joined CSIS after a decade of service in the U.S. Government at the Central Intelligence Agency (CIA) and Department of Defense. At the CIA, Mr. Katz served as a military analyst for the Middle East, South Asia, and Eastern Europe, including multiple overseas tours. From 2016 to 2017, he served as country director for Syria in the Office of the Secretary of Defense, where he provided policy and strategy advice to senior officials on the Syrian conflict and U.S. military and counterterrorism efforts against the Islamic State and Al Qaeda. Mr. Katz is also an officer in the U.S. Navy Reserve currently serving with U.S. European Command. He holds a B.S. in economics from Duke University and an M.A. in international relations and strategic studies from the Johns Hopkins University School of Advanced International Studies. He is a previous Center for a New American Security Next Generation National Security Fellow and a recipient of the Secretary of Defense Medal for Exceptional Civilian Service and two National Intelligence Medals.Full Bio Here
Kathleen H. Hicks
Senior Vice President; Henry A. Kissinger Chair; Director, International Security Program
Kathleen Hicks is senior vice president, Henry A. Kissinger Chair, and director of the International Security Program at the Center for Strategic and International Studies. She leads a bipartisan team of over 50 resident staff and an extensive network of non-resident affiliates dedicated to providing independent strategic insights and policy solutions that shape national security. Dr. Hicks is concurrently the Donald Marron Scholar at the Kissinger Center for Global Affairs, Johns Hopkins School of Advanced International Studies. She is also a member of the board of trustees for the Aerospace Corporation and the board of directors for the U.S. Naval Institute, in addition to serving on several advisory boards. Dr. Hicks has an extensive national security background, including as a Senate-confirmed leader on policy matters in the Pentagon and an appointed member of two national commissions on defense and security matters. She has received distinguished service awards from three Secretaries of Defense and a Chairman of the Joint Chiefs of Staff, the DOD Senior Professional Women’s Association Excellence in Leadership Award, and the 2018 Walter Beach Award from the National Capital Area Political Science Association. She holds a Ph.D. in political science from the Massachusetts Institute of Technology, a master’s degree from the University of Maryland, and an A.B. magna cum laude from Mount Holyoke College.Full Bio Here
Research Intern, International Security Program
Collett Preston is a research intern with the International Security Program at CSIS. Mr. Preston provides research and program support to the Defending Democratic Institutions Project, and is a rising senior at Yale University.
CSIS received a financial gift from Facebook in support of research on encryption safety and security.
A product of the Andreas C. Dracopoulos iDeas Lab, the in-house digital, multimedia, and design agency at the Center for Strategic and International Studies.