Encryption and Lawful Access

This project explores the use of encryption as a crucial tool for securing infrastructure, communications and information to support our digital society.

The Petya ransomware cyberattack hit computers of Russian and Ukrainian companies on 27 June 2017. Photo by Donat Sorokin/TASS/Getty.

In a world where privacy is rapidly disappearing, the debate concerning exceptional access to encrypted content has evolved, and there appears to be greater consensus in some countries that strong encryption is a vitally important security tool and should not be weakened, even for national security or law enforcement purposes.

Some governments are exploring how to legally require companies to provide access to encrypted content when requested by law enforcement or intelligence agencies. Although some assert this is achievable without weakening encryption, there are real concerns about the potential adverse consequences for the security of devices and services.

The UK already has this power due to the Investigatory Powers Act 2016, Australia is heading the same way with the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, and the US has tried to apply the All Writs Act through the courts to the same effect.

This project, in partnership with the Internet Society and MIT Internet Research Policy Initiative (IRPI), aims to stress-test exceptional access proposals with key decision-makers from all corners of society in a simulation exercise focusing on law enforcement access to a locked and encrypted smartphone, and to end-to-end encrypted messaging app messages.

The scenarios examine different methods available to law enforcement to gain access to such content, the steps involved in obtaining access, and the potential consequences of each method.

It builds on the work of the 2017 Internet Society-Chatham House Roundtable on Encryption and Lawful Access, where it was emphasized that the challenge is not encryption itself – more the challenge of accessing data.