The Effect of Encryption on Lawful Access to Communications and Data (CSIS Reports) by James A. Lewis & Denise E. Zheng & William A. Carter

Author:James A. Lewis & Denise E. Zheng & William A. Carter [Lewis, James A.]
Language: eng
Format: azw3
ISBN: 9781442279964
Publisher: Center for Strategic & International Studies
Published: 2017-02-24T05:00:00+00:00

China has taken a number of steps that likely improve its ability to access plaintext without the cooperation or knowledge of service providers. China requires many companies to store data in China (physical access can provide advantages in gaining access to data). The Chinese government controls its national telecom service providers (providing easy access to traffic). It imposes encryption design mandates on some IT products, and may have used espionage techniques to gain access to data and passwords. China has also passed a counterterrorism law that requires telecom operators and “enterprises providing encrypted transmission services” to “install technical interfaces” and “report cryptography schemes” to the government. Its new cybersecurity law, passed in November 2016, also requires companies to provide technical support to government agencies conducting investigations. American companies that wish to do business in China will find increasing constraints on the encryption services they can offer.4 China is also pursuing an industrial strategy to develop national products that will compete with (and perhaps replace) foreign IT products.

In France, encryption providers are required to enter into agreements with the government to facilitate access to data they encrypt or face fines, and the prime minister’s office can ban encryption services that fail to meet their legal obligations.5 U.K. law has two key provisions for access. The first allows the home secretary to issue orders to communications providers to maintain the capability to facilitate intercepts, while the second allows decryption orders that require anyone in possession of encrypted data and the keys needed to decrypt that data to facilitate decryption for law enforcement.6 The Investigatory Powers Bill, passed into law in late November 2016, reinforces many existing surveillance authorities, but may allow companies to contest an order to maintain the capability to decrypt communications if it is unreasonably costly or technically infeasible.7 The scope of implementation and enforcement of these laws varies. France and the United Kingdom both allow iPhone users to access end-to-end encrypted messaging apps like WhatsApp and Viber. Brazil has had high-profile battles over encryption as part of its larger investigation into corruption among senior government officials, attempting to force WhatsApp to facilitate decryption by shutting down its service in the country and jailing its executives.8 WhatsApp was unable to facilitate access to customer communications in response to a court order. WhatsApp remains the most popu lar messaging app in the country, used by more than 100 million Brazilians, or more than 50 percent of the population. The app is popu lar with smartphone users in many developing countries because it provides a free messaging service.

India has had some of the most sweeping powers to govern encryption in the world on the books since 2000, including mandates for both users and service providers to maintain the capability to decrypt or face prison, as well as the authority to prescribe specific implementations of encryption. However, these laws are not implemented. When the Indian government issued proposed rules to implement the policy in 2015, the rules met with fierce opposition and were retracted in a matter of days.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.