Professional Documents
Culture Documents
Documentgghghbtg
Documentgghghbtg
experts hav
e suggested that t
he rise of encrypte
d data is not Polic
y experts have sug
gested that the ris
e of encrypted dat
a is not the end ofi
ntelligence collect
ion because law e
nforcement can lo
ok to substitutes
—
othersources of in
telligence, such as
metadata
—
that prove to be ju
st as valuable or m
orevaluable than
decrypting encryp
ted data.
1
This paper focuse
s on the other side
of thatinsight: on
the substitutes av
ailable for privacy
-seekers beyond e
ncryption, such as
placing one’s data
in a jurisdiction th
at is beyond the re
ach of law enforce
ment. Thisframew
ork puts encryptio
n in context: there
are many ways to
keep one’s data pr
ivate,just as there
are many ways th
at the government
might get access t
o that data. While
encryption is typic
ally treated as a st
and-alone c
omputer security i
ssue, it is a piece o
fa larger debate ab
out government ac
cess to personal da
ta.
2
Law enforcement
officials are, in ge
neral, agnostic ab
out the method th
rough whichthey
obtain evidence
—
what matters is ob
taining it. Privacy-
seekers are simila
rlyagnostic about
how they secure t
heir privacy
—
what matters is ha
ving it. This mean
sthat policymaker
s have a wide set o
f options
—
not only about
whether
to allow lawenfor
cement to access
personal data, but
also
how
to do so. This wid
e set of optionsis
not reflected in th
e debate over encr
yption, which is ty
pically framed in
all-or-nothing ter
ms. Some privacy
advocates take a s
tance that seems t
o allow no roomfo
r compromise (an
argument that can
be boiled down to
“it’s math!”
3
) and somegovern
ment actors do th
e same (essentiall
y arguing, “it’s ter
rorism!”
4
). Widening thesc
ope of the policy d
iscussion to inclu
de related issues
—
what I will call “en
cryptionsubstitute
s”
—
may increase the c
hances of compro
mise and may gen
erate betterpolicy.
In this short essay,
I make a few simpl
e assumptions that
bear mentioning a
t the outset.First, I
assume that gover
nments have good
and legitimate rea
sons for getting ac
cessto personal da
ta. These include t
hings like controll
ing crime, fighting
terrorism, andreg
ulating territorial
borders. Second, I
assume that peopl
e have a right to e
xpectprivacy in th
eir personal data.
Therefore, policy
makers should see
k to satisfy bothla
w enforcement an
d privacy concern
s without unduly
burdening one or
the other.Of cours
e, much of the deb
ate over governme
nt access to data is
about how to resp
ect
Mettre en surbrillance
Partager la citation
Policy experts hav
e suggested that t
he rise of encrypte
d data is not the e
nd ofintelligence c
ollection because l
aw enforcement c
an look to substitu
tes
—
othersources of in
telligence, such as
metadata
—
that prove to be ju
st as valuable or m
orevaluable than
decrypting encryp
ted data.
1
This paper focuse
s on the other side
of thatinsight: on
the substitutes av
ailable for privacy
-seekers beyond e
ncryption, such as
placing one’s data
in a jurisdiction th
at is beyond the re
ach of law enforce
ment. Thisframew
ork puts encryptio
n in context: there
are many ways to
keep one’s data pr
ivate,just as there
are many ways th
at the government
might get access t
o that data. While
encryption is typic
ally treated as a st
and-alone c
omputer security i
ssue, it is a piece o
fa larger debate ab
out government ac
cess to personal da
ta.
2
Law enforcement
officials are, in ge
neral, agnostic ab
out the method th
rough whichthey
obtain evidence
—
what matters is ob
taining it. Privacy-
seekers are simila
rlyagnostic about
how they secure t
heir privacy
—
what matters is ha
ving it. This mean
sthat policymaker
s have a wide set o
f options
—
not only about
whether
to allow lawenfor
cement to access
personal data, but
also
how
to do so. This wid
e set of optionsis
not reflected in th
e debate over encr
yption, which is ty
pically framed in
all-or-nothing ter
ms. Some privacy
advocates take a s
tance that seems t
o allow no roomfo
r compromise (an
argument that can
be boiled down to
“it’s math!”
3
) and somegovern
ment actors do th
e same (essentiall
y arguing, “it’s ter
rorism!”
4
). Widening thesc
ope of the policy d
iscussion to inclu
de related issues
—
what I will call “en
cryptionsubstitute
s”
—
may increase the c
hances of compro
mise and may gen
erate betterpolicy.
In this short essay,
I make a few simpl
e assumptions that
bear mentioning a
t the outset.First, I
assume that gover
nments have good
and legitimate rea
sons for getting ac
cessto personal da
ta. These include t
hings like controll
ing crime, fighting
terrorism, andreg
ulating territorial
borders. Second, I
assume that peopl
e have a right to e
xpectprivacy in th
eir personal data.
Therefore, policy
makers should see
k to satisfy bothla
w enforcement an
d privacy concern
s without unduly
burdening one or
the other.Of cours
e, much of the deb
ate over governme
nt access to data is
about how to resp
ect
Mettre en surbrillance
Partager la citation
the eLa plus
grandend ofintelli
gence collection b
ecause law enforc
ement can look to
substitutes
—
othersources of in
telligence, such as
metadata
—
that prove to be ju
st as valuable or m
orevaluable than
decrypting encryp
ted data.
1
This paper focuse
s on the other side
of thatinsight: on
the substitutes av
ailable for privacy
-seekers beyond e
ncryption, such as
placing one’s data
in a jurisdiction th
at is beyond the re
ach of law enforce
ment. Thisframew
ork puts encryptio
n in context: there
are many ways to
keep one’s data pr
ivate,just as there
are many ways th
at the government
might get access t
o that data. While
encryption is typic
ally treated as a st
and-alone c
omputer security i
ssue, it is a piece o
fa larger debate ab
out government ac
cess to personal da
ta.
2
Law enforcement
officials are, in ge
neral, agnostic ab
out the method th
rough whichthey
obtain evidence
—
what matters is ob
taining it. Privacy-
seekers are simila
rlyagnostic about
how they secure t
heir privacy
—
what matters is ha
ving it. This mean
sthat policymaker
s have a wide set o
f options
—
not only about
whether
to allow lawenfor
cement to access
personal data, but
also
how
to do so. This wid
e set of optionsis
not reflected in th
e debate over encr
yption, which is ty
pically framed in
all-or-nothing ter
ms. Some privacy
advocates take a s
tance that seems t
o allow no roomfo
r compromise (an
argument that can
be boiled down to
“it’s math!”
3
) and somegovern
ment actors do th
e same (essentiall
y arguing, “it’s ter
rorism!”
4
). Widening thesc
ope of the policy d
iscussion to inclu
de related issues
—
what I will call “en
cryptionsubstitute
s”
—
may increase the c
hances of compro
mise and may gen
erate betterpolicy.
In this short essay,
I make a few simpl
e assumptions that
bear mentioning a
t the outset.First, I
assume that gover
nments have good
and legitimate rea
sons for getting ac
cessto personal da
ta. These include t
hings like controll
ing crime, fighting
terrorism, andreg
ulating territorial
borders. Second, I
assume that peopl
e have a right to e
xpectprivacy in th
eir personal data.
Therefore, policy
makers should see
k to satisfy bothla
w enforcement an
d privacy concern
s without unduly
burdening one or
the other.Of cours
e, much of the deb
ate over governme
nt access to data is
about how to resp
ect
Mettre en surbrillance
Partager la citation