This term I’ve been focused on the law of surveillance. The students are writing excellent papers (go, students – that second draft is due today!) and there’s a lot going on in the world on this topic.
Let’s start with the good news, from the perspectives of both law enforcement and US industry. Law enforcement now has more access than it ever had before to a complete picture of human activity: not just old-fashioned telephone calls on landlines, but also VoIP calls that interconnect with the traditional telephone system, stored email, files that have been uploaded to remote servers, images from surveillance cameras, reams of bank records under the Bank Secrecy Act and transactional records of all kinds. With appropriate overseen wiretap and stored communication processes, law enforcement has command over an enormous amount of information. (Some of the processes need to be rationalized so that service providers don’t get stuck in the middle responding to possibly under-supported requests, but that reform is underway.)
A vast array of the words and thoughts of mankind is now available for surveillance. With sufficient judicial oversight, it’s there for appropriate use by the authorities as they work to protect us from harm.
From the US economic perspective, there is a bright future in providing the online services and applications that the rest of the world needs. Millions of enterprises are depending on American cloud computing services. The packets generated by the world are often stored here. (I’m working on developing the best way to convey this positive economic story.) That’s all very good news.
But the rest of the world has to trust that US surveillance is constrained by adequate legal process, and that we haven’t required our manufacturers to build in counterproductive “back doors” into particular individual communications. If we don’t build and maintain this trust, and present ourselves as subject to the rule of law, cloud and communications services will simply move offshore to businesses that can be trusted or to open source products that can’t be controlled – we’ll kneecap American business.
The difficult current problem for law enforcement in this country comes when they need access to communications of a particular person that have been encrypted from one end of the communication to the other. No carrier will be able to help law enforcement in getting access to these edge-case communications, and businesses (including our own government) need to be able to rely on secure encryption.
So what’s the answer? Law enforcement may be suggesting (see FBI Director Mueller’s visit to Facebook earlier this week) that the answer is for the online communications provider to build in a back door – provide a key that law enforcement can use to understand what a particular person is saying online. But this approach, writ large, would pose enormous problems for the future of the US online communications platforms that are the basis of our new economy. Rebuild a popular end-user application so that warrants can be executed more easily – and lose the respect of the global marketplace, as the US is perceived as a locus for easy hacking, a honeypot for centralized access and roaming surveillance.
A better approach would be to have law enforcement, with appropriate process, access the keystrokes punched out by individual users on their devices. It’s slightly clumsier for the authorities, but they have access already to so much of our lives through other ways.
We should increase the resources and capacity of law enforcement to take advantage of the domestic authorities they already have; we should spur on the carriers (and others already required to make the execution of warrants easier) to respond more quickly; we should ensure that cooperation with law enforcement isn’t a begrudging afterthought by companies; and we should untangle and rationalize the level of judicial oversight required in the existing system. But we should also keep in mind the economic implications for our country of building backdoors into all encrypted communications, and avoid doing that if at all possible.
Great post, Susan. Thanks. I particularly liked your suggestion to, in so many words, leverage trust as a competitive differentiator. Now _ that’s _ a new twist on an old theme worthy of remembering
FAC
As long as we’re all clear that everything the US can see China can see as well, I don’t think there’s any problem embracing the cloud… don’t believe me… try getting to the cloud without using Huawei.
Now imagine you’re a Huawei executive and the Chinese government ask you for a little info…
We now know that the US ‘owned’ the Zerox copiers in all the Russian embassies in the 60′s and 70′s; be in no doubt that China now ‘owns’ a big percentage of our internet.