Keys Under Doormats
Dovetailing into last week’s musings about the need for computer science education as part of standard school curriculum, a group of researchers at and around MIT have published a new report on the topic of law enforcement’s need for access to private (personal or corporate) data. While this need may be valid, how to implement it in acceptable way is not necessarily obvious, and lawmakers need to think through a number of important questions.
One particularly interesting passage, highlighting the value of understanding computer science in the public sphere:
With people’s lives and liberties increasingly online, the question of whether to support law enforcement demands for guaranteed access to private information has a special urgency, and must be evaluated with clarity. From a public policy perspective, there is an argument for giving law enforcement the best possible tools to investigate crime, subject to due process and the rule of law. But a careful scientific analysis of the likely impact of such demands must distinguish what might be desirable from what is technically possible. In this regard, a proposal to regulate encryption and guarantee law enforcement access centrally feels rather like a proposal to require that all airplanes can be controlled from the ground. While this might be desirable in the case of a hijacking or a suicidal pilot, a clear-eyed assessment of how one could design such a capability reveals enormous technical and operational complexity, international scope, large costs, and massive risks — so much so that such proposals, though occasionally made, are not really taken seriously.
We have shown that current law enforcement demands for exceptional access would likely entail very substantial security risks, engineering costs, and collateral damage. If policy-makers believe it is still necessary to consider exceptional access mandates, there are technical, operational, and legal questions that must be answered in detail before legislation is drafted.
Legislators need to understand technical topics related to information security and privacy in order to write and vote on legislation in a rational way. Citizen constituents need to understand these same topics in order to do their part in voicing their opinions to their representatives and in voting them into or out of office.
More: read the report.