Encryption Pros & Cons: a balancing act
By adeolaakinla, on 9 December 2021
By Adeola Akinla, Ayesha Gulley, Kirthika Selvakumar and Zoe Tilsiter
From securing financial transactions to enabling secure communications online, encryption plays a vital role in how we use the Internet today.1 However, recently there have been calls by state actors to undermine encryption as bad actors can also exploit the confidentiality it provides to commit crime, thereby creating an investigative barrier for law enforcement and intelligence agencies (LEIAs).2,3 Although seemingly justified, this intent does not consider the benefits encryption provides to multiple groups including individual users, activists, journalists and industry.3,4
In partnership with the Internet Society (ISOC), our research sought to uncover factors impacting stakeholders in the encryption debate, with the aim of producing an impact assessment and decision-making framework targeted at policymakers. These factors were examined through two lenses: socio-political and economic. The socio-political lens includes the implications on human rights, national security and public safety. ISOC requested that the economic lens be investigated citing the apparent lack of evidence showing the economic effects of weakening encryption; this entailed innovation, consumer trust and economic competitiveness.
Our research, therefore, addressed the overarching question “What should policymakers be aware of and consider in their decisions concerning the weakening of encryption technologies?”
Fig. 1: Research questions
We adopted a multimethodological approach to answering the research questions. Desk-based research included a rapid evidence assessment and a systematic grey literature review. The identified academic and grey evidence was consequently mapped onto a causal loop diagram to understand the interactions of various issues within the encryption debate. Primary research consisted of semi-structured interviews with stakeholder representatives from civil society, industry and policymaker groups. Interview data was analysed using a modified multi-criteria decision analysis method. This method was selected as it allowed for the analysis of multiple concerns and priorities that feature in stakeholders’ decision-making.
As Fig. 2 shows, economic effects of weakening encryption include reduced consumer trust, stifled technological innovation and diminished e-commerce activity which decrease economic competitiveness thus creating a net negative economic impact. Similarly, there is an apparent net negative socio-political outcome as increased criminal activity, compromised national security and infringements to individual rights are possible socio-political consequences of weakening encryption.
Fig. 2: Causal loop diagram
The primary research revealed valuable insights; while some perspectives were reflective of each interview group’s concerns, others were expressed by all three groups. For instance, interviewees broadly acknowledged the importance of encryption in preserving rights and the need for law enforcement to investigate crime, subject to existing frameworks to prevent the abuse of exceptional access. Conversely, compared to the policymaker group, the civil society and industry interviewees prioritised cybersecurity and trust in state actors as the most significant factors. In contrast, factors considered highly by the policymaker group were human rights and the purpose of encryption. Collectively, our research identified 66 factors from the interviewees which were grouped into 11 distinct codes (Fig. 3). These factors, combined with findings from the desk-based research, informed the design of our deliverables – the impact assessment and decision-making framework.
Fig. 3: Identified research codes
The impact assessment showed that the risks of weakening encryption outweigh any perceived benefits. Importantly, while the research indicated possible socio-political benefits to include the preservation of national security, there were no noted economic gains to weakening encryption. Additionally, the socio-political benefits could be achieved through less technologically invasive and more targeted means like government hacking.5
The decision-making framework focused on deliberative questions emphasising socio-political and economic concerns along three themes: Purpose of weakening encryption technologies, LEIA capacity requirements and Geopolitical effects of weakening encryption technologies. As a non-prescriptive framework reflecting the multi-layered nature of the encryption discussion, it encourages a participatory approach and the inclusion of impacts on under-represented groups in the decision-making processes around encryption. Policymakers are thus advised to apply it within the context of their respective national priorities or governance styles.
This research enhanced ISOC’s encryption work by including evidence from the Global South, collecting evidence on the under-researched economic lens and developing a coding framework that could be applied in future research. Based on the findings, we recommended that ISOC advance their ongoing advocacy work by stress-testing the decision-making framework to verify its robustness and practicality. This could be done through personas or wargaming to see how the framework fares under different contexts or systems of governance.
Since their final submission, the group has presented their research findings to the global ISOC encryption team. The team will also be presenting at the 10th African Internet Governance Forum on 14 December 2021 by 10.15 GMT, at a session titled “A Decision Framework for Regulating Encryption”. For those interested, you can register to attend the forum here.
- Encryption [Internet]. Internet Society. [cited 2021 Nov 17]. Available from: https://www.internetsociety.org/issues/encryption/
- Koops B-J, Kosta E. Looking for Some Light Through the Lens of ‘Cryptowar’ History: Policy Options for Law Enforcement Authorities Against ‘Going Dark’ [Internet]. Rochester, NY: Social Science Research Network; 2018 Sep [cited 2021 Aug 10]. Report No.: ID 3249238. Available from: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3249238
- Dheri P, Cobey D. Lawful Access & Encryption in Canada: A Policy Framework Proposal [Internet]. Rochester, NY: Social Science Research Network; 2019 Oct [cited 2021 Aug 10]. Report No.: ID 3470957. Available from: https://papers.ssrn.com/abstract=3470957
- Article 19. Russia: Blocking Telegram is a serious violation of freedom of expression and privacy [Internet]. ARTICLE 19. 2018 [cited 2021 Aug 10]. Available from: https://www.article19.org/resources/russia-blocking-telegram-serious-violation-freedom-expression-privacy/
- Herpig – 2017 – Government Hacking Computer Security vs. Investig.pdf [Internet]. [cited 2021 Aug 10]. Available from: https://www.stiftung-nv.de/sites/default/files/snv_tcf_government_hacking-problem_analysis_0.pdf