The Encryption Dilemma 2.0: A Transatlantic Perspective
An online conference
May 8th 2017
11:00am – 1:30pm
Registration available at citicepsencryption.eventbrite.com
Encryption has been for years at the center of debate between online privacy and national security. The issue has now reached urgency. There are many open questions.
- After a terrorist attack in San Bernardino, CA, the FBI could not open a terrorist’s i-Phone because it was locked against third party access. The FBI asked Apple, through a court order, to facilitate the access to the device but Apple refused, arguing that the government did not have legal authority. During the Presidential campaign, Donald Trump chastised Apple for not providing a “back door”. He vowed to “penetrate the Internet” to fight ISIS. Where is this going now when it comes to weakening encryption?
- Encryption is becoming widespread to protect data-in-motion and data-at-rest. Today the majority of Internet traffic is encrypted; end-to-end encryption is applied to mobile applications and secure devices. What are the implications?
- The trend to a cloud-based environment is making mobile devices into portals to cloud-based applications and data storage. This reduces the need for law enforcement access to encrypted data on the end-devices. How challenging will be to identify and locate the relevant data under a warrant in the cloud if the data is spread out in the cloud in different geographic points or jurisdictions?
- With some empirical evidence on hand, can one observe encryption as a game-changer for criminal investigations or it is only slowing down the process of accessing the data? Are law enforcement agencies really “going dark”? How effective are the lawful government efforts to bypass encryption?
- Is the lack of clear and relevant policy and legal frameworks on encryption in the USA and in Europe inhibiting the possibility of finding solid cooperation between law enforcement and technology companies to provide lawful access to data?
A new level of cooperation between law enforcement and technology providers will be required to guarantee several important societal values: privacy and security for individuals; access to information in support of criminal or national security investigations; and business confidence in the security of their products and transactions.
- What role can be played by ad hoc cooperation and public-private partnerships (PPPs) of industry, the research community, and public agencies? How could they be created?
- Some European agencies suggest that feasible solutions to decryption without weakening the protective mechanisms must be offered, and should be the result of a close cooperation between industry partners and the research community with expertise in crypto-analyses.
- US law enforcement agencies have suggested systems such as trusted platforms for key escrow between multiple parties. Can this be considered a viable solution?
- Some scientists suggest crypto systems breakable only with an enormous effort such that only targeted access would be economically feasible. Is this a possible option?
- Should a cooperation identify specifications for the real needs of law enforcement agencies for access to data?
- The European Union has different requirements on privacy issues than the United How do these different approaches affect encryption policy? Can a transatlantic dialogue between Europe and the USA help in finding solutions?
In this online conference, experts from the US and Europe will provide analysis and recommendations.
Eli Noam, Columbia University & CITI / Lorenzo Pupillo Center for European Policy Studies & CITI
The Encryption Dilemma 2.0: the Current Debate in the US & Europe (11:05 – 12:15pm)
Moderator: Lorenzo Pupillo Senior Research Fellow CEPS & CITI
David Clark, Senior Research Scientist, Massachusetts Institute of Technology
Monika Kopcheva, Political Administrator, Council of the European Union
Christopher Savage, CIPP/US
Walter van Holst, European Digital Rights (EDRi)
The Encryption Dilemma: Is the PPP approach the way forward ? (12:15 – 1.15pm)
Moderator: Eli Noam, Professor, Columbia Business School
Demosthenes Ikonomou, Head of Operational Security, European Union Agency for Network and Information Security
Prashanth Mekala, Supervisory Special Agent, Cyber Division, FBI
Axel Petri, Senior VP Group Security, Deutsche Telekom
Niloofar Razi Howe, Senior VP RSA Solutions Inc.
Open discussion of participants and speakers (1:15pm-1:30 pm)