Encryption Policy and Freedom of the Press

Interesting law journal article: "Encryption and the Press Clause," by D. Victoria Barantetsky.

Abstract: Almost twenty years ago, a hostile debate over whether government could regulate encryption -- later named the Crypto Wars -- seized the country. At the center of this debate stirred one simple question: is encryption protected speech? This issue touched all branches of government percolating from Congress, to the President, and eventually to the federal courts. In a waterfall of cases, several United States Court of Appeals appeared to reach a consensus that encryption was protected speech under the First Amendment, and with that the Crypto Wars appeared to be over, until now.

Nearly twenty years later, the Crypto Wars have returned. Following recent mass shootings, law enforcement has once again questioned the legal protection for encryption and tried to implement "backdoor" techniques to access messages sent over encrypted channels. In the case, Apple v. FBI, the agency tried to compel Apple to grant access to the iPhone of a San Bernardino shooter. The case was never decided, but the legal arguments briefed before the court were essentially the same as they were two decades prior. Apple and amici supporting the company argued that encryption was protected speech.

While these arguments remain convincing, circumstances have changed in ways that should be reflected in the legal doctrines that lawyers use. Unlike twenty years ago, today surveillance is ubiquitous, and the need for encryption is no longer felt by a seldom few. Encryption has become necessary for even the most basic exchange of information given that most Americans share "nearly every aspect of their lives ­-- from the mundane to the intimate" over the Internet, as stated in a recent Supreme Court opinion.

Given these developments, lawyers might consider a new justification under the Press Clause. In addition to the many doctrinal concerns that exist with protection under the Speech Clause, the Press Clause is normatively and descriptively more accurate at protecting encryption as a tool for secure communication without fear of government surveillance. This Article outlines that framework by examining the historical and theoretical transformation of the Press Clause since its inception.

Edited to Add (4/12): Follow-up article.

Posted on April 4, 2017 at 2:14 PM • 21 Comments

Comments

DanielApril 4, 2017 4:20 PM

Language is encryption. That is the core perspective behind the old American saying that "it is all Greek to me". If one doesn't know the code, the words are gibberish. Go talk to your pet spider in your native language and see how well it understands you. From the spider's perspective your native language is encrypted--it is a message in a code for which it has no key.

https://en.wikipedia.org/wiki/Greek_to_me

The far more important question is when can one be forced to decrypt? Because the ability to encrypt data is mostly meaningless if one can be compelled to decrypt it upon the demand of another. [I say "mostly meaningless" because there are odd situations (such as when the person dies during a rubber hose attack) that do not render encryption wholly meaningless even in a legal system where compelled decryption is rampant.]

So in my view the paper in the OP erects a straw man--it offers a justification for a position that no one seriously challenges. Encryption is a fact. It isn't going to go away. It is no more going to go away than language is going to go away. But the terms and conditions under which data will be decrypted is very much in play and where the focus of policy efforts should be. And within that debate there are many open questions:

(1) who gets to make the decision to decrypt? The government? A third party? Only the key holder?
(2) What data is the proper target of decryption? Everything that is encrypted or some subset? And if some subset how does one determine that?
(3) Does the location of the data matter? At there greater or lesser protections at the border vs at in the center of the country? Does the legal jurisdiction matter in terms of where the data is stored vs the legal jurisdiction of who owns the data? This is especially important in situations where parts of a data set might be stored in multiple countries with different legal rules and traditions.
(4) What criteria should be used to determine when decryption can be compelled? National security? Probable cause to believe a criminal law is being broken? A generalized desire to snoop?

The list goes on.

I recognize that there are some hard core privacy advocates that believe that one should never be forced to decrypt. Indeed, that is my own inclination. I also think it is a fantasy in the present cultural context. There is no evidence that legislatures, courts, or even public opinion is willing to grant such a huge carve out. So engagement in such questions as outlined above is the best response in the short term.

Lawrence D’OliveiroApril 4, 2017 5:13 PM

If the Government is so keen on a workable back-doored encryption system, why don’t they come up with one? The US Government employs the NSA, which (allegedly) has the largest and brightest pool of crypto talent on the planet. If anybody has the necessary hashtags to come up with such a scheme, wouldn’t it be them?

Maybe President Trump can issue an Executive Order to that effect—could that be the missing sprinkling of magic pixie dust that is needed to kick-start the process?

John GaltApril 4, 2017 5:32 PM

@ Daniel

Language is encryption. ...

During WW II, the US used Indians (and their native languages) as encryptors (aka "code talkers.")

Why? The Japanese didn't know anything about them.

MATHEMATICS is a Language...

Just like Politics.... "we're *moving forward* in the *face* of our *national security interests*" (whatever those secret phrases mean... even when "national security interests" means 3 trillion dollars worth of Copper in the middle of an Afghan Desert.)

Information wants to be freeApril 4, 2017 8:46 PM

Here is how I see it: we are on a collision course.

And yet, I believe that, as counter intuitive as some in this crowd might believe, Trump being president might help us.

Trump notoriously doesn't use computers, but he was incensed when he found out that the NSA, using incidental collection, spied on him and his team. So he understands what's like have be caught in dragnet surveillance. Better yet, he understands that dragnet surveillance can be used as an excuse to spy on everyone, including the president elect of the United States.

I don't see him pushing for making it easier for the NSA to spy on us, despite the campaign rhetoric.

Even national security hawk Lindsey Graham had second thoughts on the Apple case after talking to encryption experts http://fortune.com/2016/03/10/apple-fbi-lindsay-graham/ .

What the Trump spying and the Graham switch have in common is this: there is a significant suspicion of government across the conservative spectrum. As worried as conservatives are about preventing potential terrorists acts, they are equally (if not more) worried about what could happen the day a different person is on top with access to all the data collected given what they did to Trump and his associates. Disabling encryption -or forcing back doors- would only make things worse.

So I see here an opportunity to make common cause with those who hold power currently in Washington DC to ensure that encryption is widely available without back doors.

When it comes to forcing us to blindly trust government because they cannot do any wrong, the Democrats (an liberals at large) are the bigger problem. Just watch this panel of crypto-experts https://www.youtube.com/watch?v=k76qLOrna1w . Interestingly, only Moxie Marlinspike refused to buy the notion that the FBI -and law enforcement in general- should have the ability to access encrypted data. The other 4 are as card carrying liberals as they come. It took an anarchist to state the obvious. Back in March 2016, it seemed impossible that anybody other than Hillary Clinton would be US president today.

John GaltApril 4, 2017 9:59 PM

@ Information...

[[[And yet, I believe that, as counter intuitive as some in this crowd might believe, Trump being president might help us.]]]

Trump hasn't learned that he cannot trust Silicon Valley, yet.

The spy system today was born at THIS MEETING: http://www.computerworld.com/article/2513311/it-management/jobs--zuckerberg-get-prime-spots-at-obama-dinner.html

Obama. Clinton was allied with Google execs. Larry Ellison was sitting across from Obama cuz of his then-in-progress suit against Google/Schmidt over Java in Android. You can see in the picture that Schmidt was in the doghouse. Why? The Sun patents were bogus before Ellison bought Sun. Schmidt knew it.

Anyways... The Russians DID NOT HACK the DNC. THE DNC SUBSCRIBED TO HOSTED EXCHANGE AT APPRIVER.COM. I already analyzed the situation. I think I know where the DNC emails really came from. Crowdstrike is Full of Sh!t and is in bed with the DNC just like the people in the ComputerWorld article.

Trump is at a serious disadvantage. Why? He doesn't even use email. He has no clue how any of this stuff works. So, those within the intel community can lie to him with impunity. So can those same people at Obama/Doerr's table in 2011.

Add "Google for Government" to the mix.

IMHO, it's up to 'us' to keep these spy-whores honest.

I don't know if that's possible.


TatütataApril 5, 2017 9:02 AM

If backdoors become mandatory, will they force the Navajo not to speak their own language over the phone? And how about superencipherment? If the outer shell can be decoded by the spooks, would I still be able to encode the inner message itself, or am I committing a felony? What if I develop a personal new image file format, or encode it using steganography? Are the lawmakers simply endeavouring novel felonies for implementing universal criminality, allowing badges to enforce at their discretion poorly drafted statutes?

Historically, there was a prohibition of encryption on international telegraph circuits, and national ones especially in times of war. There were also restrictions on permissible languages, e.g., EN, SP, PT on US circuits to South-America, facilitating the recruitment of censors.

Users did however want to save money by using specialised codes. These were designed for convenience, not enciphering. A solution was to force users to use either one of a list of approved code books, or deposit their own with authorities. This explains some of the stuff in the pre-1930s NSA documents list posted a few days ago.

Dirk PraetApril 5, 2017 10:07 AM

@ Information wants to be free

And yet, I believe that, as counter intuitive as some in this crowd might believe, Trump being president might help us.

Actually, no. It is a persistent myth that someone with zero knowledge of, or practical experience with a specific subject matter somehow would be in any position to intelligently act on any meaningful insights about it. Which doesn't just go for Trump.

In this specific case, their total lack of understanding that anyone in the US can be spied upon was what got them in trouble in the first place.

I don't see him pushing for making it easier for the NSA to spy on us, despite the campaign rhetoric.

As if he would do anything to push back against the MIC. He's just proposed a $54 billion increase in military spending. The simple fact of the matter is that Trump and his merry club of politically inexperienced billionaires are no Republicans, but a bunch of outsiders deeply mistrusted by a deep state that is not just comprised of Democrats.

Trump, like any of his recent predecessors, has three simple options: he plays ball, he resorts to an Erdogan-like cleansing that (literally) blows up in his face, or he gets impeached.

Information wants to be freeApril 5, 2017 11:54 AM

@John Galt

"Trump is at a serious disadvantage. Why? He doesn't even use email"

Actually, I think that this is an advantage. It allows him to have a more independent look at things, particularly after having been himself the victim of spying by way of so called "incidental collection". I find Bruce and his EFF allies silence on the Susan Rice news very telling. It's the first evidence we have that indeed, the NSA actively lies when it says it doesn't unmask US citizens identities unless there is national security interests at stake. It turns out that petty political reasons are also a valid reason to unmask the identities of US persons (citizens and greencard holders) caught in dragnet surveillance.

Traditionally, it is the Democrats who are the statist party (ie, those who blindly trust government). Now we have a president who doesn't share those views even though he is not a traditional "government is evil" conservative either. Let's all remember that it was the G W Bush cronies that started the dragnet collection programs. I don't trust traditional Republicans nor traditional Democrats with making good decisions when it comes to encryption policy. Trump might represent one in a life time opportunity to have the right legal framework in place.

@Dirk Praet

Sorry, I don't argue with clueless Europeans who fail to understand the basics of American government such as the separation of powers and checks and balances. It's not about you, but I have reached this conclusion a while back that having discussions about American politics with people who lack a basic, American high school level, understanding of American government is a futile exercise. Take your nonsense to somebody else.

John GaltApril 5, 2017 12:50 PM

@ Info...

Respectfully, I disagree.

"Legal Framework" isn't going to do anything. He's looking to dismantle the regulatory nightmare. Not increase it.

We already know Clinton was clueless. That's why all her data ended up on Wikileaks. Trump will be forced to listen to the same BS artists.

Listening to the Clinton election rhetoric about "cyber attack" prompting a nuke response shows you what these BS artists can accomplish.

We're gonna run out of nukes within 1 hour of a declared "cyberwar."

Wanna know how to win a cyber war?

Unplug your computer and save billions of lives.

Dirk PraetApril 5, 2017 1:23 PM

@ Information thingie, @ Moderator

I don't argue with clueless Europeans who fail to understand the basics of American government such as the separation of powers and checks and balances ... Take your nonsense to somebody else.

You're in the wrong place, mate. On your way out to Breitbart, don't let the door hit ya where the good Lord split ya.

ModeratorApril 5, 2017 1:46 PM

@Information wants to be free, your "clueless Europeans" remark is out of line. Either refrain from racial, ethnic or national slurs and insulting generalizations, or take your opinions elsewhere.

ModeratorApril 5, 2017 2:42 PM

@Information wants to be free, again: your reference to "clueless Europeans" is out of line.

vApril 5, 2017 3:17 PM

@John Galt

I had the pleasure to meet some of the Navajo Code talkers many years ago - what a great bunch of people the US should be extremely proud of.

Years later I asked somebody in the British Army why we didn't do something similar - she told me that plenty of Welsh speakers were divied out in Kosovo... results were equally effective 50 years later.

---

Generally, the thing that upsets me most about the likely course of events is that we end up in an arms race with our own governments... it goes thus:

we get upset by too much intrusion; too little privacy
we go Tor and/or encryption; even though we have nothing to hide
government increases it's capacity in an endless quest to 'know all'
we pay for this in taxes

The great shame - opportunity cost - if governments set themselves more appropriate levels of general surveillance, we don't hide our stuff... the money saved could be spent on useful stuff like education, health, etc.

I know I'm a dreamer who knows nothing!

pcApril 6, 2017 11:31 AM

Regardless of whether encryption should be protected by the First Amendment, I always thought there would have been great if encryption had remained classified as a munition, and thereby gained some clear Second Amendment protection.

(Obviously ain't going to happen now, and relies on a broad reading of the Second Amendment which is getting less and less popular, but it'd be neat if it were to somehow happen.)

John GaltApril 7, 2017 7:59 AM

@ pc

Regardless of whether encryption should be protected by the First Amendment, I always thought there would have been great if encryption had remained classified as a munition, and thereby gained some clear Second Amendment protection.

(Obviously ain't going to happen now, and relies on a broad reading of the Second Amendment which is getting less and less popular, but it'd be neat if it were to somehow happen.)

HINT: Try the Thirteenth Amendment, instead. Read the Supreme Court cases of The Amistad and Dred Scott.

That's why "the establishment" is gearing up to reinstitute slavery. The TSA does a good job of slave training, doesn't it? (Ask an airline pilot about the phrase, "human cargo.")

Muahhaha...

:0

My InfoApril 8, 2017 12:03 PM

Encryption, as well as any policy thereon, is moot as long as we are dependent on electronic devices designed, built, and programmed by H1-B slave labor.

ab praeceptisApril 8, 2017 12:52 PM

My Info

Funny remark. But without "h1-b slave labour" the us of a will fail due to lack of cheap labour as well as due to lack of imported brainpower.

I'd actually welcome that. It angers me since many years that your country strip other countries of their future and brainpower.
At the same time, of course, we can't trust those who left us for money in the us.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.