IEEE Position Statement

In Support of Strong Encryption

Adopted by the IEEE Board of Directors 24 June 2018

IEEE supports the use of unfettered strong encryption[1] to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as “backdoors” or “key escrow schemes” in order to facilitate government access to encrypted data.[2]

Governments have legitimate law enforcement and national security interests. IEEE believes that mandating the intentional creation of backdoors or escrow schemes — no matter how well intentioned — does not serve those interests well and will lead to the creation of vulnerabilities that would result in unforeseen effects as well as some predictable negative consequences.

1. Strong encryption is essential for the protection of individuals, businesses and governments from malicious cyber activities. Encryption protects confidentiality and integrity of data and communications. Almost all of internet commerce relies on encryption to protect data.

2. Exceptional access mechanisms would create risks by allowing malicious actors to exploit weakened systems or embedded vulnerabilities for nefarious purposes. Knowing that exceptional access mechanisms exist would allow malicious actors to focus on finding and exploiting them.[3] Centralized key escrow schemes would create the risk that an adversary would have an opportunity to compromise security of all participants, including those who were not specifically targeted.[4] As a result, the risk of successful cyber-theft, cyber-espionage, cyberattack, and cyberterrorism could increase. The consequences of malicious cyber activities to individuals and society might take many forms — including direct financial losses; identity theft; intellectual property theft and theft of sensitive business information; damage to critical infrastructure[5]; damage to national security; reputational damage; opportunity costs such as lost productivity; and even possibly loss of life when computer systems that support essential functions are disabled. Additionally, by increasing the risk of malicious alterations to data, extraordinary access mechanisms could reduce trust in authenticity of data and might lead to decision-making errors and miscalculations.[6]

3. Exceptional access mechanisms would not preclude malicious actors from taking advantage of strong encryption capabilities either created specifically for them[7] or available in countries that have no requirement for exceptional access mechanisms.[8] Devices and systems with strong cybersecurity and/or known not to have exceptional access mechanisms are and would remain readily accessible to the malicious actors whom law enforcement and intelligence agencies wish to monitor.[9]

4. Efforts to constrain strong encryption or introduce key escrow schemes into consumer products can have long-term negative effects on the privacy, security and civil liberties of the citizens so regulated. Encryption is used worldwide, and not all countries and institutions would honour the policy-based protections that exceptional access mechanisms would require. A purpose that one country might consider lawful and in its national interest could be considered by other countries to be illegal or in conflict with their standards and interests. Thus, issues of jurisdiction may be the greatest impediment to exceptional access mechanisms.[10]

5. Law enforcement agencies have a range of other investigative tools to ensure access to systems and data, when warranted. Techniques include legal mechanisms for accessing data stored in plaintext on corporate servers, targeted exploits on individual machines, forensic analysis of suspected computers, and compelling suspects to reveal keys or passwords.[11]

6. Exceptional access mechanisms could hinder the ability of regulated companies to innovate and compete in the global market. Required exceptional access mechanisms could open an opportunity for non-regulated market participants to create products and services that may appear to customers in the global market to be more trustworthy than warranted.[12]

IEEE is committed to developing trust in technologies through transparency, technical community building, partnership across regions and nations, as a service to humanity. Measures that reduce the security of information or that facilitate the misuse of secure information systems will inevitably damage that trust, which in turn will impede the ability of the technologies to achieve much broader beneficial societal impacts.

ABOUT IEEE

IEEE is the largest technical professional organization dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice in a wide variety of areas ranging from aerospace systems, computers, and telecommunications to biomedical engineering, electric power, and consumer electronics.

445 Hoes Lane, Piscataway, NJ 08854 USA • +1 732 981 0060 • Fax +1 732 981 0027 • www.ieee.org

NOTES

[1] For examples of such encryption, see NIST’s Computer Security Resource Center, https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Standards.

[2] “The principle of the backdoor is that another third party could have a mechanism to independently and without the knowledge of the sending or receiving party decrypt the communication. In an attempt to protect privacy and unlawful use of the backdoor the concept of key escrow [was created] where the covert cooperation of independent parties with law enforcement would be required to facilitate the use of the backdoor to decrypt the communication.” ENISA’s Opinion Paper on Encryption: Strong Encryption Safeguards Our Digital Identity, European Union Agency for Network and Information Security (ENISA), December 2016, p. 7.

[3] ENISA, op. cit.

[4] The Chertoff Group, “The Ground Truth About Encryption and the Consequences of Extraordinary Access,” 2016, https://www.chertoffgroup.com/files/238024282765.groundtruth.pdf.

[5] Critical infrastructure can be many industry sectors, such as the sixteen listed by the US Department of Homeland Security and established by US Presidential Policy Directive 21. Refer to https://www.dhs.gov/critical-infrastructure-sectors.

[6] Statement for the Record of the US Director of National Intelligence, World Wide Threat Assessment, February 9, 2016, p. 2.

[7] ENISA, op. cit., p. 7.

[8] B. Schneier, K. Seidel, and S. Vijayakumar, 2016, “A Worldwide Survey of Encryption Products,” Berkman Center Research Publication No. 2016-2, http://ssrn.com/abstract=2731160.

[9] ENISA, op. cit.; US Director of National Intelligence, op. cit., p. 6.

[10] H. Abelson, R. Anderson, S. M. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, M. Green, S. Landau, P. G. Neumann, R. L. Rivest, J. I. Schiller, B. Schneier, M. A. Specter, and D. J. Weitzner, 2015, “Keys under doormats,” Communications of the ACM, Volume 58, Issue 10 (October 2015), 24-26, DOI: https://doi.org/10.1145/2814825.

[11] O. Kerr, B. Schneier, “Encryption Workarounds,” Georgetown Law Journal, 2017, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2938033.

[12] Chertoff, op. cit.
