Varia Co-Authors ‘Lawfare’ Article Calling for Truce in Crypto-Wars
In a piece published in the national security blog Lawfare, BU cryptography researcher Mayank Varia makes the case for a “crypto-armistice” between the government and the technology community as a way to both repair a fractious relationship and increase the likelihood that a viable long-term solution to the privacy versus security debate can be cooperatively developed.
Writing with co-authors Alan Z. Rozenshtein, Visiting Assistant Professor of Law at the University of Minnesota Law School, and Charles Wright, Assistant Professor in the Computer Science Department at Portland State University, Varia considers the role government can play in the debate around law-enforcement access to encrypted data. The authors emphasize the special role Congress can play with its financial and administrative controls: not only in government spending but also in its authority to use funding and legislative mandates to require federal, state, and local agencies to keep detailed examples of situations in which encryption has impeded government investigations.
They propose that Congress directly fund research into secure third-party-access systems while also tracking instances in which encryption has caused the government to drop an investigation, use other techniques, or even defy encryption, so that agencies can be given specific capability requirements. Even with this process in place, however, third-party-access systems will not be developed immediately; while these technologies can take years to develop, Varia and his co-authors argue it shouldn’t disqualify the necessity for research and development but instead provide a realistic goal.
With both sides assuming that the other is acting in bad faith, the trust between the technology community and government is broken, and Varia, Rozenshtein and Wright argue that a “crypto-armistice could help bridge the divide between the government and the technology community.” Improving the relationship will create more effective collaboration, as many instances illustrated that escalating issues into the courthouse has caused both sides to attack each other rather than work together. The authors conclude that the best option for the government would be to support a legislative armistice requiring companies to implement security functions in its products or services to allow the surveillance of users by the government.