Wednesday, October 27, 2010

Practical and Legal Issues Surrounding Encryption

I have previously posted on the issue of encryption and passwords.

A commentary in the Electronic Frontier Foundation raises some practical issues with allowing government access to encryption keys. I don't know enough about the business side of the issue to assess whether these are accurate or exaggerated. The commentary raises some legal issues, however:

The details of how a cryptography regulation or mandate will be unconstitutional may vary, but there are serious problems with nearly every iteration of a "no encryption allowed" proposal that we've seen so far. Some likely problems:

•The First Amendment would likely be violated by a ban on all fully encrypted speech.

•The First Amendment would likely not allow a ban of any software that can allow untappable secrecy. Software is speech, after all, and this is one of the key ways we defeated this bad idea last time.

•The Fourth Amendment would not allow requiring disclosure of a key to the backdoor into our houses so the government can read our "papers" in advance of a showing of probable cause, and our digital communications shouldn't be treated any differently.

•The Fifth Amendment would be implicated by required disclosure of a private papers and the forced utterance of incriminating testimony.

•Right to privacy. Both the right to be left alone and informational privacy rights would be implicated.

It is hard to assess the arguments without seeing the full proposal from the government. And I think a complete ban on encryption is not likely. In my view, the most significant issues that will face courts in the coming years:

  1. Does encryption evidence a reasonable expectation of privacy, such that the government would need a warrant to obtain a key. The alternative is that the government could try to obtain encryption keys through simply issuing a subpoena without any judicial or outside review. My initial answer seems to be "yes."


  2. Does the Fifth Amendment protect someone from disclosing an encryption key? My initial answer seems to be "no." Providing an encryption key may be like providing fingerprints, DNA, or the key to a locked box. My initial thoughts are here.

No comments:

Post a Comment