0111 01100101 00100000 01110100 01101000 01100101 00100000 01010000 0110010
01101111 01110000 01101100 01100101 00100000 01101111 01100110 00100000 0111010
01101000 01100101 00100000 01010101 01101110 01101001 01110100 01100101 0110010
June 2016
00100000 01010011
01110100 01100001 01110100 01100101 01110011 00101100 0010000
01101001 01101110 00100000 01001111 01110010 01100100 01100101 01110010 0010000
01110100 01101111 00100000 01100110 01101111 01110010 01101101 00100000 0110000
00100000 01101101 01101111 01110010 01100101 00100000 01110000 01100101 0111001
01100110 01100101 01100011 01110100 00100000 01010101 01101110 01101001 0110111
01101110 00101100 00100000 01100101 01110011 01110100 01100001 01100010 0110110
01101001 01110011 01101000 00100000 01001010 01110101 01110011 01110100 0110100
01100011 01100101 00101100 00100000 01101001 01101110 01110011 01110101 0111001
01100101 00100000 01100100 01101111 01101101 01100101 01110011 01110100 0110100
01100011 00100000 01010100 01110010 01100001 01101110 01110001 01110101 0110100
01101100 01101001 01110100 01111001 00101100 00100000 01110000 01110010 0110111
01110110 01101001 01100100 01100101 00100000 01100110 01101111 01110010 0010000
01110100 01101000 01100101 00100000 01100011 01101111 01101101 01101101 0110111
01101110 00100000 01100100 01100101 01100110 01100101 01101110 01100011 0110010
00101100 00100000 01110000 01110010 01101111 01101101 01101111 01110100 0110010
00100000 01110100 01101000 01100101 00100000 01100111 01100101 01101110 0110010
01110010 01100001 01101100 00100000 01010111 01100101 01101100 01100110 0110000
01110010 01100101 00101100 00100000 01100001 01101110 01100100 00100000 0111001
01100101 01100011 01110101 01110010 01100101 00100000 01110100 01101000 0110010
00100000 01000010 01101100 01100101 01110011 01110011 01101001 01101110 0110011
01110011 00100000 01101111 01100110 00100000 01001100 01101001 01100010 0110010
01110010 01110100 01111001 00100000 01110100 01101111 00100000 01101111 0111010
01110010 01110011 01100101 01101100 01110110 01100101 01110011 00100000 0110000
01101110 01100100 00100000 01101111 01110101 01110010 00100000 01010000 0110111
01110011 01110100 01100101 01110010 01101001 01110100 01111001 00101100 0010000
01100100 01101111 00100000 01101111 01110010 01100100 01100001 01101001 0110111
00100000
01100001
01101110
01100100
00100000
01100101
01110011
HOUSE
HOMELAND
SECURITY
COMMITTEE
MAJORITY
STAFF
REPORT01110100 0110000
01100010 01101100 01101001 01110011 01101000 00100000 01110100 01101000 0110100
01110011 00100000 01000011 01101111 01101110 01110011 01110100 01101001 0111010
01110101 01110100 01101001 01101111 01101110 00100000 01100110 01101111 0111001
00100000 01110100 01101000 01100101 00100000 01010101 01101110 01101001 0111010
01100101 01100100 00100000 01010011 01110100 01100001 01110100 01100101 0111001
00101100 00100000 01110000 01110010 01101111 01101101 01101111 01110100 0110010
00100000 01110100 01101000 01100101 00100000 01100111 01100101 01101110 0110010
01110010 01100001 01101100 00100000 01010111 01100101 01101100 01100110 0110000
01110010 01100101 00101100 00100000 01100001 01101110 01100100 00100000 0111001
01100101 01100011 01110101 01110010 01100101 00100000 01110100 01101000 0110010
00100000 01000010 01101100 01100101 01110011 01110011 01101001 01101110 0110011
01110011 00100000 01101111 01100110 00100000 01001100 01101001 01100010 0110010
01110010 01110100 01111001 00100000 01110100 01101111 00100000 01101111 0111010
01110010 01110011 01100101 01101100 01110110 01100101 01110011 00100000 0110000
01101110 01100100 00100000 01101111 01110101 01110010 00100000 01010000 0110111
01110011 01110100 01100101 01110010 01101001 01110100 01111001 00101100 0010000
01100100 01101111 00100000 01101111 01110010 01100100 01100001 01101001 0110111
00100000 01100001 01101110 01100100 00100000 01100101 01110011 01110100 0110000
01110010 01110100 01111001 00100000 01110100 01101111 00100000 01101111 0111010
01110010 01110011 01100101 01101100 01110110 01100101 01110011 00100000 0110000
01101110 01100100 00100000 01101111 01110101 01110010 00100000 01010000 0110111
01110011 01110100 01100101 01110010 01101001 01110100 01111001 00101100 0010000
01100100 01101111 00100000 01101111 01110010 01100100 01100001 01101001 0110111

GOING DARK, GOING FORWARD

A PRIMER ON THE ENCRYPTION DEBATE

 CONTENT
Executive Summary
Introduction
I. Encryption, Security, and the Modern Economy
 Smartphones
 
The Internet
 
Impact on the Modern Economy
 
Impact on Financial Services
 
Impact on E-commerce and Retail
 
Impact on Healthcare

 

II. Encryption, Public Safety, and Law Enforcement 
 
 
 

The Digital Crime Scene
Compelling Assistance
Encryption and Terrorism

III. Encryption Around the Globe: A Patchwork of Legislative Responses
 
United Kingdom
 France
 
The Netherlands
 Germany
 
European Union
 China

India
Iran
Brazil
United Nations
United States
Congressional Legislative Proposals

IV. No Simple Solution: Trade Offs And Trends

V. Building Consensus in the Face of Complex Challenges: A Need for National Dialogue

Appendix – Legal Standards for Obtaining Digital Evidence

2

 Executive Summary
Public engagement on encryption issues surged following the 2015 terrorist attacks
in Paris and San Bernardino, particularly when it became clear that the attackers used
encrypted communications to evade detection—a phenomenon known as “going dark.”
While encryption provides important benefits to society and the individual, it also makes it
more difficult for law enforcement and intelligence professionals to keep us safe.
Some have framed the debate surrounding encryption as a battle between privacy and
security. Our extensive discussions with stakeholders, however, have led us to conclude that
the issue is really about security versus security: encryption protects critical infrastructure,
trade secrets, financial transactions, and personal communications and information. Yet
encryption also limits law enforcement’s ability to track criminals, collect evidence, prevent
attacks, and ensure public safety. Initially, lawmakers and some among law enforcement
personnel believed the solution was simple: statutorily authorize law enforcement access
to obtain encrypted data with a court order. Unfortunately, this proposal was riddled with
unintended consequences, particularly if redesigning encryption tools to incorporate
vulnerabilities—creating what some refer to as “backdoors”—actually weakened data
security. Indeed those vulnerabilities would naturally be exploited by the bad guys—and
not just benefit the good guys.
The global technology industry is undergoing rapid change. Consumers now demand that
companies incorporate encryption into their products and services as a matter of routine
practice. We are just beginning to understand the implications of this transformation. If
the U.S. placed burdensome restrictions on encryption, American technology companies
could lose their competitive edge in the global marketplace. Moreover, studies suggest
that two-thirds of the entities selling or providing encrypted products are outside of the
United States. Thus, bad actors could still obtain the technology from foreign vendors
irrespective of U.S. legislative action.
Over the course of the past 12 months, Members and staff of the House Committee on
Homeland Security have held more than 100 meetings and briefings, both classified and
unclassified, with key stakeholders impacted by the use of encryption. As a result of our
robust investigation, the Committee staff has come to understand that there is no silver
bullet regarding encryption and “going dark.” While we benefited tremendously from our
engagement with stakeholders, we did not discover any simple solutions. No matter what
path emerged, there were always troublesome trade-offs. Thus, in our estimation, the
best way for Congress and the nation to proceed at this juncture is to formally convene a
commission of experts to thoughtfully examine not just the matter of encryption and law
enforcement, but law enforcement’s future in a world of rapidly evolving digital technology.

3

 We believe that experts in the fields of commercial technology, computer science and
cryptology, privacy and civil liberties, law enforcement, intelligence, and global economics
are best equipped to deconstruct this extraordinarily complex problem, and propose
novel solutions that will stand the test of time. House Homeland Security Chairman
Michael McCaul (R-TX) and Senator Mark Warner (D-VA) have proposed the formation of
a National Commission on Security and Technology Challenges (hereinafter, “Digital
Security Commission”) to bring these experts together to engage one another directly
and, over the course of a year, develop policy and legislative recommendations to present
to Congress. The report the Commission will produce will also serve as an invaluable
reference document, providing a better understanding of this issue for Congress and the
American public, and helping to forge a national consensus on solutions that preserve
American innovation, strengthen our competitiveness, and preserve the rule of law.
The Committee has produced this primer
to briefly describe important themes and
considerations surrounding the widespread
use of encryption technologies—including
the practical and economic value encryption
brings to certain industries and the wider
market; the impact ubiquitous encryption
is having on law enforcement; the ways
in which various governments around the
world are responding to this challenge; and
a discussion of some existing legislative
proposals. Finally, this document explains
why future progress in addressing these
challenges will likely depend on a more
formal national discussion involving the
necessary stakeholders in the form of a
national commission on digital security.

Introduction

Committee members & staff held
over 100 meetings on this issue
with technology industry leaders;
the Intelligence Community,
State, local & Federal law
enforcement associations &
agencies; District Attorneys &
Prosecutors; privacy advocates;
cryptologists, technologists
& academics; & foreign data
protection officials.
This effort has included
classified briefings, site visits,
roundtables, & research.
Over the course of the past year,
the Committee has received
the input of concerned voices
across Congress & across the
country.

American innovation and ingenuity has
spurred the development of technologies
that make it easier to travel, communicate,
research, create, produce and distribute
quality goods, and generally improve
quality of life—not only for Americans, but
for people around the world. So too, since our founding, the U.S. has been dedicated to
preserving and expanding the rule of law, including the pursuit of justice at home and the
promotion of American values abroad. These two ideas have remained hallmarks of the
American identity for nearly two hundred and fifty years. Even today, they jointly continue
to inform our progress toward a “more perfect union.”

4

 Yet, through the course of our history, the concepts of innovation and regulation have
sometimes seemed at odds with one another. Congress and the American people have
always sought to strike the right balance between the rule of law and individual liberty.
Several examples illustrate this point, including debates surrounding the development
of a robust anti-money laundering regime in online and in-person banking in the 1980s
and 1990s; the Communications Assistance for Law Enforcement Act in the early 1990s;
the appropriate use of “roving wiretaps” in response to the widespread adoption of
mobile communications in the early 2000s; and current discussions on the proper role of
commercial drone technology in public and private arenas.
In recent years, we have been presented with one more example of this challenge: the
widespread use of encryption by the general public and the exploitation of this technology
by criminals and terrorists. This debate has been accelerated by the allegations made
by former federal contractor Edward Snowden regarding government surveillance and
privacy and the rise of the tech-savvy Islamic State of Iraq and Syria (ISIS) and its attacks
against the West. In describing the issue, Secretary of Homeland Security Jeh Johnson
noted, “The current course we are on, toward deeper and deeper encryption in response
to the demands of the marketplace, is one that presents real challenges for those in law
enforcement and national security … We in government know that a solution to this dilemma
must take full account of the privacy rights and expectations of the American public, the
state of technology and the cybersecurity of American businesses.”1 Clearly, the problem
at hand is complex.

According to FBI Director James Comey, “Going Dark” refers to the
phenomenon in which law enforcement personnel have the “legal
authority to intercept and access communications and information
pursuant to court order,” but “lack the technical ability to do so.”

What’s more, many stakeholders involved in the discussions surrounding this issue feel
their motives, patriotism, and even their intelligence are called into question by those who
oppose their point of view. As a result, relationships have been damaged and progress
has been stymied.
In an effort to find solutions, the House Homeland Security Committee engaged all relevant
parties to identify steps that could be taken toward a solution. The Committee held more
than 100 meetings with various stakeholders—including experts from the technology
industry, federal, State, and local law enforcement, privacy and civil liberties, computer
science and cryptology, economics, law and academia, and the Intelligence Community.
This process, which took place over the course of more than a year, revealed the significant
complexities surrounding not only the use of encryption by criminals and terrorists, but
also the overall challenges associated with how U.S. law enforcement and intelligence
agencies adapt to rapid advances in technology.
5

 As a result of its investigation, the Committee developed seven general findings:
1. Encryption plays a vital role in modern society, and increasingly widespread use of
encryption in digital communications and data management has become a “fact of
life.”
2. Law enforcement entities face real and persistent challenges when they encounter
encrypted communications during the course of investigations and prosecutions.
In some situations, encryption restricts law enforcement’s ability to successfully
prosecute cases or to identify and mitigate threats to public safety and national
security.
3. Today, more than ever before, technology, public safety, and counterterrorism
are inextricably linked. Technology, such as encryption, protects our data and our
infrastructure, and helps to ensure the privacy of our citizens; yet it is also exploited
by bad actors, including drug traffickers, child predators, and terrorists, to facilitate
criminal activities, and threaten our national security. Thus, what we are really
dealing with is not so much a question of “privacy versus security,” but a question
of “security versus security.”
4. Governments worldwide are struggling to address the challenge of “security versus
security,” and are exploring multiple policy and legislative responses. This is resulting
in a patchwork of inconsistent laws and proposals governing the same issue to the
detriment of law-abiding citizens and the benefit of criminals and terrorists.
5. Any legislative “solutions” yet proposed come with significant trade-offs, and
provide little guarantee of successfully addressing the issue. Lawmakers need to
develop a far deeper understanding of this complex issue before they attempt a
legislative fix.
6. The impacted parties themselves need to directly engage one another in an honest
and in-depth conversation in order to develop the factual foundation needed to
support sustainable solutions.
7. The debate surrounding the abuse of widely available encryption technology is
part of a larger question of ensuring that law enforcement and national security
efforts keep pace with technological advancement without undermining American
competitiveness and American values.

6

 I. Encryption, Security, and the Modern Economy
Smartphones
The speed with which society has absorbed
mobile
communication
devices
and
sophisticated communication platforms into
daily life is staggering. Only a few years ago,
cell phone capabilities were normally limited to
phone calls and text messages. But according
to a survey released in April 2015, nearly two
thirds of Americans now own a smartphone
that provides Internet access and stores vast
amounts of personal data.2 A separate report
suggests there are approximately 2.6 billion
smartphone subscriptions worldwide.3

2.6 BILLION

smartphone subscriptions
worldwide

Because a single device can now contain a phone, camera, and global positioning system
(GPS), as well as access to email, social media, and web browsing, and can store sensitive
information like health records and financial data, users have come to expect their devices
to be secure. Therefore, many smartphone users rely on password protection, encryption,
and other security features to safeguard the content of their devices. In many ways, the
smartphone has reshaped our thinking about privacy and security.

At its most basic, encryption is a process of limiting access to data
by “using a code or mathematical algorithm so as to [make the data]
unintelligible to unauthorized readers.”
The American Heritage Science Dictionary

The Internet
A 2012 report published by the Boston Consulting Group estimated that by 2016, half the
world’s population will be using the Internet, and the value of the Internet within the G-20
economies would reach $4.2 trillion.4 According to the Internet Association, in 2014, the
Internet sector contributed $966.2 billion to the U.S. economy, or 6 percent of real GDP.5
Today, more than half the world’s population—and 84 percent of American adults—use
the Internet.6
Moreover, the physical world is becoming increasingly connected to the Internet. From
critical infrastructure systems like water treatment plants and electrical grids, to financial
institutions, to new models of automobiles and everyday household appliances, the

7

 “internet of things” (IoT) is on the rise. This has created new concerns about the security of
networks. As more and more consumer facing “things” become interconnected, the public
will likely demand that encryption be made available for everyone and everything.
Impact on the Modern Economy
Nearly every aspect of the modern economy benefits from advancements in digital
communications—and the security of those communications is critical. A 2016 study from
the Ponemon Institute reports that 85 percent of more than 5,000 information technology
(IT) professionals surveyed globally said that their organizations have an encryption
strategy, and 37 percent said it was applied consistently across the enterprise.7 This is
a substantial increase from a survey Ponemon conducted in 2005 which found that an
astounding 38 percent of U.S. organizations had no encryption strategy in place at all.8
While it is not possible to quantify exactly how much economic growth has been supported
by the use of encryption, it is generally accepted that the ability of major firms to protect
their customers’ data will continue to be an important factor. Thus far, the evidence suggests
that Americans have clearly embraced encryption as the best means to safeguard their
information and transactions online.
Impact on Financial Services
Banks and other financial institutions
invest heavily in encryption technologies
to protect their networks and safeguard
their information. In fact, due in part to
regulatory demands and best practices,
the “financial sector accounts for
approximately 44 [percent] of [the] global
encryption software market,” according
to a recent report.9 American consumers
expect their financial data to remain both
accessible and secure.

44% of encryption

software market is for
financial services

30 MILLION

households use online
banking on mobile devices

Indeed, 51 percent of U.S. adults, or 61 percent of Internet users, bank online. And, as of
2013, approximately 30 million households report using online banking through mobile
devices.10 The banking and financial services industry has long been recognized as a leader
in security. As a 2011 survey from the analytics firm comScore points out, “customers still
reported feeling more secure on their [financial institution’s] website than on the Internet
as a whole.”11
This confidence in online banking has sparked innovation and improvements over time. A
Federal Reserve Payments Study from 2013 found that although paper checks continue “to
persist as a significant portion of noncash payments … interbank processing and clearing
of these checks are virtually all electronic.”12 Without strong encryption protecting these

8

 transfers, the number of fraudulent transactions would undoubtedly be significantly higher.
Data breaches for financial institutions are among the primary motivations for the industry’s
heavy investment in encryption.
Impact on E-commerce and Retail
Mirroring trends in online banking and
financial services, online commerce would
be far less trusted and far less robust
without encryption to keep customer
data secure for payment processing.
In 2015, the Department of Commerce
estimated e-commerce sales at $341.7
billion, accounting for 7.3 percent of total
retail sales—a 14.6 percent increase from
2014.13 E-commerce has become a critical
component of
the U.S. economy.
According to the most current data
available, in 2013 U.S. manufacturers
reported that e-commerce shipments
were valued at approximately $3.3
trillion.1415

$341.7 BILLION

e-commerce sales in 2015

Impact on Healthcare

1 IN 3

health care recipients
will be the victim of
a health care data
breach in 2016

Since 2009, the Health Insurance Portability and
Accountability Act (HIPAA) Breach Notification
Rule has encouraged healthcare providers
to secure their data through encryption by
requiring those that suffer a data breach to
notify their clients within 60 days.16 Despite this
move, the American health system has fallen
victim to a number of high-profile data breaches.
According to the Department of Health and
Human Services Office of Civil Rights, which
publicly reports breaches affecting more than
500 individuals, 253 breaches compromised
112 million total records in 2015. Moreover, the
International Data Corporation’s Health Insights
group predicts “1 in 3 health care recipients will
be the victim of a health care data breach in
2016.”17

9

 II. Encryption, Public Safety, and Law Enforcement 
The Digital Crime Scene
Although digital technology has brought value to the marketplace, the proliferation of
applications and devices that utilize end-to-end encryption has presented law enforcement
and intelligence officials with new challenges: criminals, terrorists, and other bad actors
are taking advantage of encryption to hide their activities, operate in the dark, and conceal
evidence. Because so much information—communications, records, photographs, etc.—
is now stored on personal digital devices like smartphones and personal computers,
law enforcement professionals are increasingly investigating “digital crime scenes.”
Accordingly, law enforcement and intelligence officials have reported to Committee staff
that their inability to obtain access to the digital communications of criminals is increasingly
hindering their activities. Indeed, the Office of the District Attorney for New York County
reported that investigators struggled with more than 175 cases between September 2014
and March 2016 because they lacked access to digital information.
At the same time, Federal Bureau of Investigation (FBI) Director James Comey testified
before the House Homeland Security Committee in the fall of 2015 that:

“

Unfortunately, changing forms of Internet communication and the use of
encryption are posing real challenges to the FBI’s ability to fulfill its public
safety and national security missions. This real and growing gap, to which the
FBI refers as “Going Dark,” is an area of continuing focus for the FBI; we believe
it must be addressed given the resulting risks are grave both in traditional
criminal matters as well as in national security matters.18

Compelling Assistance
 
The government has relied on the 1789 All Writs Act (“AWA”) to help law enforcement
gain access to certain encrypted communications. Absent alternative remedies, the AWA
authorizes U.S. federal courts to “issue all writs necessary or appropriate in aid of their
respective jurisdictions and agreeable to the usages and principles of law.” In other words,
under certain circumstances, the court can compel a private entity to provide assistance
to the government.

Unable to technically access data on a device despite a lawful warrant, law
enforcement requests often rely on the AWA to compel technology companies
to assist in data recovery. This has raised the question of whether the AWA may
be used to compel a company to provide a “key” to an encrypted device or write
code to bypass security features. Over the past several years, the government

10

 has increasingly utilized the law to compel technology companies, like Apple and
Google, to help law enforcement execute search warrants for investigations.

A recent American Civil Liberties Union (ACLU) report documented 63 confirmed cases
since 2008 across the country in which the government has applied for AWA assistance
from Google or Apple to assist in data recovery.19 New York and California reported the
highest number of filings, with 12 and 16 cases respectively.20 The filings identified by the
report largely consist of requests for assistance in bypassing locked screens, resetting
passwords, creating code, and extracting data.21 According to the ACLU, investigations
into drug related crimes appear to be the leading cause of AWA motions.22 Other motions
filed involved investigations into credit fraud, identity fraud, bribery, child pornography, and
human trafficking charges.23
Still, it would be a mistake to suggest that the officials charged with investigating and
prosecuting criminals and terrorists and protecting the American public do not understand
the value of encryption. The FBI, the Department of Homeland Security (DHS), and the
wider Intelligence Community use strong encryption to secure their own information.
Indeed, senior U.S. officials are on record encouraging the private sector and the public to
do the same.24 At a Senate Hearing in July 2015, FBI Director Comey and Deputy Assistant
Attorney General Sally Quillian Yates testified that the development and adoption of strong
encryption is key to securing commerce and trade, safeguarding private information,
promoting free expression and association, and strengthening cyber security.25 They stated
that, “DOJ and the FBI support and encourage the use of secure networks to prevent cyber
threats to our critical national infrastructure, our intellectual property, and our data so as to
promote our overall safety.”26

Court Authorization to Conduct Electronic Surveillance
It is important to remember that only a handful of offenses are serious enough to
justify electronic interception orders. To obtain such an order, investigators must
demonstrate that normal investigative procedures are impossible, or too dangerous
to use. Additionally:
 
 
 

• 
• 
• 
  
  

Intercept orders have a limited scope;
Targets of the surveillance must be identified with specificity; and
Requests are subject to review by a U.S. Attorney, and by the    
Attorney General or Deputy Assistant Attorney General prior to  
being submitted to the Courts.

These authorities are granted under Title III of the Wiretap Act (for criminal cases)
and the Foreign Intelligence Surveillance Act (FISA) for cases involving foreign
powers and the agents of foreign powers.

11

 Encryption and Terrorism
Unfortunately, terrorists also use encryption technology to hide their communications from
law enforcement and intelligence professionals. FBI Director Comey recently testified to
the Senate Judiciary Committee that when ISIS operatives encounter a potential recruit,
“we see them giving directions” to move to a mobile messaging app that is encrypted.
“And they disappear.”27 In later testimony, Comey further commented, “There is no doubt
that the use of encryption is part of terrorist tradecraft now because they understand the
problems we have getting court orders to be effective when they’re using these mobile
messaging apps, especially that are end-to-end encrypted” [emphasis added].28 Indeed,
the perpetrators of terrorist attacks in Garland, Texas, Paris, France, and San Bernardino,
California, in 2015 all exploited encrypted communications.

“There is no doubt that the use of encryption is part of terrorist
tradecraft now because they understand the problems we have
getting court orders to be effective when they’re using these mobile
messaging apps, especially that are end-to-end encrypted.”
FBI Director James Comey
December 9, 2015

Yet this phenomenon is not new. Law enforcement and intelligence agents have been
grappling with terrorists’ use of encryption for more than a decade. Though it is difficult
to verify, according to one report, attackers in Bali, Madrid, and London masked their
communications with encryption.29 The difference is that now, in 2016, encryption is
ubiquitous. “The proficiency of criminals with encryption technology has advanced a
lot [over the years] and smartphones now have the same parts as the PCs of 15 years
ago,” commented Ran Canetti, a cryptography expert and professor at Boston University.
“Strong encryption is widespread. Everybody today who wants to get their hands on strong
encryption mechanics, they can do it.” Moreover, Canetti continued, “There’s no way to
prevent people from using encryption. The 10 percent who would want the encryption
secrecy will find a way to get it.” Thus, he concludes, “[Law enforcement] developing better
encryption-cracking tools is a very good thing. But they should concentrate on encryption
made by bad guys. Making the everyday encryption of the general public weak isn’t going
to get you what you want, [not] when it comes to coordinated terrorist attacks. There’s no
silver bullet answer.”30

12

 III. Encryption Around the Globe: A Patchwork of Legislative Responses
The 2015 terrorist attacks in Paris and San Bernardino prompted legislators across the globe
to consider the challenges created by widespread use of end-to-end encryption. Different
countries adopted different approaches to address the issue, creating a patchwork of laws
and regulations.

 

United Kingdom

The United Kingdom (U.K.) in November 2015 introduced the Investigatory Powers bill in
Parliament. While the bill seeks primarily to grant authorities to the government for bulk
collection and lawful hacking, there are also elements addressing digital communications
technology. According to news reports, “the bill gives the government the power to order
‘the removal of electronic protection applied by a relevant operator to any communications
or data.’”31 The exact meaning of this and other terminology has been under scrutiny from
lawmakers inside the British government. In February 2016, the Science and Technology
Committee in the House of Commons released a report criticizing the bill for its lack of
clarity on terms and definitions, as well as the potential impact on privacy, technology, and
encryption.32 The Chair of the Committee, Nicola Blackwood, reiterated her support for
encryption and opposed any “backdoor” or other exceptional accesses.33
On June 7, 2016, the House of Commons passed an updated version of the Investigatory
Powers bill in a 444-69 vote.34 While it upholds the bulk surveillance and computer hacking
authorities, the final version includes additional privacy protections and clarification
that companies are not required to provide the government with access to encrypted
communications unless it is technically feasible and not unduly expensive.35 These
additions helped the bill gain broader support than it had upon introduction, but the bill
still faces some opposition from privacy groups.36 The House of Lords will now consider
the bill with a decision expected later in 2016.37
Additionally, press reporting in February 2016 suggested that U.S. and British officials
began negotiating a bilateral agreement to update the mutual legal assistance treaty
(MLAT) process for exchanging data.38 The current MLAT process requires a foreign
government to make a formal diplomatic request for data and the Justice Department to
seek a court order for the data on behalf of that country. This process can take months,
which many countries complain is too long, particularly in sensitive national security
investigations. The new proposal “would enable the British government to serve wiretap
orders directly on U.S. communications firms for live intercepts” and seek stored data on
U.K. citizens.39 The agreement would allow the U.S. government to have the same authority
for data from British providers involving U.S. citizens.40 The proposal is intended to help
the U.S. obtain appropriate information from relevant British companies, as well as reduce
the administrative burden on U.S companies seeking to comply with British requests.41
Congress must approve any final agreement.

13

  

France

French legislators in January 2016 considered an amendment to the Digital Republic bill that
required technology companies to provide government access to certain products.42 The
amendment was introduced in the wake of the attacks in Paris to provide law enforcement
with additional tools to prevent future attacks.43 Legislators rejected the amendment out of
fear that it would ultimately weaken data security.44
A month later, however, the lower chamber of Parliament voted in favor of an amendment
to punish tech companies that refused to decrypt messages for law enforcement.45 The
legislation included language that punished offenders with a €350,000 fine and up to five
years in prison.46 Legislators are currently pushing the bill through the legislative process.

 

The Netherlands

In the wake of the Paris attacks, Amsterdam began reviewing the government’s law
enforcement authorities and concluded it would not force technology companies to share
encrypted communications.47 The Dutch government reasoned—similar to the amendment
to the French Digital Republic bill—that such a move would weaken data security and
create vulnerabilities for “criminals, terrorists and foreign intelligence services” to exploit.48

 

Germany

German government officials recently expressed support for strong encryption and vowed
to become “one of the most secure digital locations” in the world.49 Officials also pledged
“more and better encryption” and commented that the country aims “to be the world’s
leading country in this area. To achieve this goal, the encryption of private communication
must be adopted as standard across the board.”50

 

European Union

European Commission Vice President Andrus Ansip in May 2015 commented that there
were no plans to enable access to encrypted communications in Europe.51 Citing the
importance of maintaining public trust, Ansip cautioned that if there were backdoors then
someone would eventually abuse them.52 Ansip in March 2016 reiterated his opposition
to “backdoors to encrypted systems” because “sooner or later somebody will misuse
[them].”53 He also urged the U.K. and France to prevent backdoor access to encrypted
technology.

14

  

China

China in December 2015 passed an antiterrorism law requiring telecommunication and
Internet service providers to “provide technical interfaces, decryption and other technical
support and assistance to public security and state security agencies when they are
following the law to avert and investigate terrorist activities.”54 It is unclear whether the
law will have any impact on U.S. companies because Beijing has yet to implement the
legislation. The final law does not go as far as the initial draft, however, which would have
required companies to pass proprietary information directly to the government.55
 

India

The Indian government in September 2015 withdrew a proposal that would have forced
citizens to store plain-text versions of their data for 90 days and make it available to security
agencies after widespread blowback from the technology sector and privacy and human
rights groups.56

 

Iran

In May 2016, Iran’s Supreme Council of Cyberspace set a one year deadline for foreign
messaging companies to transfer all data and activity associated with Iranian users to
servers in Iran.57 This deadline has raised privacy and security concerns over storing such
data within the country, where the use of messaging services is becoming widespread –
including an estimated 20 million Iranians using the popular messaging app Telegram.58

 

Brazil

The Brazilian government in December 2015 sought to compel Facebook subsidiary
WhatsApp to share encrypted communications with authorities in a drug trafficking
investigation. When WhatsApp failed to produce the communications, a Brazilian judge
ordered the company to shut down.59 The order was overturned only hours later after
public backlash.60 With nearly 100 million WhatsApp users in Brazil,61 “Brazilians sought
temporary refuge in other communications that weren’t blocked by the court order, such as
Viber or Facebook Messenger. Telegram Messenger reported that some 1 million Brazilians
signed up for its service within a matter of hours.”62
Brazilian authorities later arrested a senior Facebook executive in March 2016 when
WhatsApp failed to produce the same encrypted communications. 63 The executive was
released after 24 hours, when a judge reversed the arrest order.64

15

  

United Nations

United Nations High Commissioner for Human Rights Zeid Ra’ad Al Hussein in March
2016 commented that encryption was essential to the interests of freedom.65 He stated,
“Encryption and anonymity are needed as enablers of both freedom of expression and
opinion, and the right to privacy. Without encryption tools, lives may be endangered.”66
While acknowledging that law enforcement “deserves everyone’s full support” in carrying
out investigations, he expressed concern over “unlocking a Pandora’s Box that could have
extremely damaging implications for the human rights of many millions of people, including
their physical and financial security.”67
 

United States

As discussed above, the U.S. government has relied on the AWA to compel the assistance
of private entities like Apple and Google to help the government enforce other lawful
orders or decisions. Recently, Apple challenged the government’s power under the AWA
in two high-profile cases in New York and California, resulting in dueling orders that could
set the stage for conflicting precedent in the future. The federal government ultimately
withdrew its request when it discovered another way to access the devices in question.
Although to date no legislation has been enacted to address the issue, and the White
House has declined to take a position, many of the stakeholders the Committee met with
have strong opinions on the appropriate path forward. One view is that encryption is an
essential element of an individual’s right to privacy and must be protected at all costs. As
the ACLU noted, “To preserve the promise of expression online, our laws must adequately
protect the rights to communicate securely and to remain anonymous.”
Yet others have suggested it is necessary to sacrifice some level of privacy to ensure that
Americans are kept safe from harm. Moreover, courts generally agree that there is no
absolute right to privacy in America: we operate within a system of checks and balances
where the government has the right—provided it is pursued by lawful means—to obtain
certain information to protect U.S. national security. Thus, companies, like any other
component of our society, must abide by the same set of rules irrespective of the perceived
burden.

“These issues are too important to resort to inaction, and too complex
to resolve without consensus.”
Edward F. Davis
Former Commissioner of the Boston Police Department
December 9, 2015

16

 Congressional Legislative Proposals
Several bills offered in Congress reflect these strong opinions. For example, the “ENCRYPT
Act of 2016”, offered by Rep. Ted Lieu (D-CA) in February 2016, provides that no State or
subdivision thereof may prohibit the use of encryption or compel any entity to “design or
alter the security functions in its product or service to allow the surveillance of any user of
such product or service, or to allow the physical search of such product, by any agency or
instrumentality of a State, a political subdivision of a State, or the United States.”68
At the other end of the spectrum, the “Compliance with Court Orders Act of 2016,” a
discussion draft offered by Intelligence Committee Senators Richard Burr (R-NC) and Diane
Feinstein (D-CA) in April 2016, requires that “a covered entity that receives a court order
from a government for information or data shall provide such information or data to such
government in an intelligible format; or provide such technical assistance as is necessary
to obtain such information or data in an intelligible format or to achieve the purpose of the
court order.”69
A third way, offered by House Homeland Security Chairman Michael McCaul (R-TX)
and Senator Mark Warner (D-VA), proposes to bring together experts from each of the
key areas—cryptology, global commerce and economics, federal, State and local law
enforcement, the technology sector, the Intelligence Community, and the privacy and civil
liberties community—to form a Digital Security Commission. The Commission would be
charged with analyzing digital security challenges, including encryption and developing
recommendations for Congress to chart a co urse forward.

The McCaul/Warner Commission includes representatives from:
• 
• 
• 
• 
• 
• 
• 
• 

Cryptology
Global commerce and economics
Federal law enforcement
State and local law enforcement
Consumer-facing technology sector
Enterprise technology sector
Intelligence Community
Privacy and civil liberties community

This approach recognizes that equities on all sides of the encryption debate should be
taken into consideration.

17

 IV. No Simple Solution: Trade Offs And Trends
Two key themes have emerged from our discussions with stakeholders over the past year:
1) if we are to get ahead of this issue as a society, we must first develop a common lexicon
and a common understanding of what the problem actually is; and 2) legislative proposals
seem to determine clear “winners” and “losers” in the debate, thereby risking significant
blowback for all the parties involved. As Director of the National Security Agency Admiral
Michael Rogers recently commented:

“

Encryption is foundational to the future – given that foundation, what is the best way
to deal with it? It’s crazy to think we can make it go away. Technology is creating
capabilities that have only been a dream for us as a society in the past, we need to
figure out how to deal with that reality… Concerns about privacy have never been
higher, given this combination, how do we make all of this work? We need balance
realizing it isn’t about one or the other. This is not just a military or national security
problem, it is much broader than that.70

Stakeholders have also raised legitimate questions about the impact of U.S.-centric
legislation on U.S. companies’ ability to compete in a global market. For example, as
discussed above, a study released earlier this year conducted by Harvard University
suggests that two-thirds of entities selling or providing encrypted products are outside
of the United States.71 Thus, U.S. legislation might have little impact on bad actors that
can obtain encryption tools outside of the United States, while irreparably harming U.S.
commercial interests by driving customers to foreign competitors. Indeed, according to the
authors of the Harvard University’s Berkman Center for Internet and Society paper Don’t
Panic: Making Progress in the “Going Dark” Debate, “critics fear that architectures geared
to guarantee such access would compromise the security and privacy of users around the
world, while also hurting the economic viability of U.S. companies.”72
Other stakeholders have suggested that it is the transition to default encryption on widely
available products and smartphone applications which encrypt or automatically erase
communications that pose the real problem.73 They argue, if criminals or terrorists had to
proactively opt into encryption, or go out of their way to obtain encryption software, the
problem might be more manageable. As Office of the Director of National Intelligence
General Counsel Robert Litt recently noted, “there are a lot of sloppy and stupid terrorists
out there … people don’t always choose the most secure” technologies.74
These perspectives further illustrate the diversity of views on technology issues specifically,
particularly when it comes to reaching a consensus on appropriate policy and legislative
recommendations. No matter the issue, there will be trade-offs and compromises that likely
need to be reached.

18

 V. Building Consensus in the Face of Complex Challenges: A Need for National Dialogue
In the words of former Commissioner of the Boston Police Department, Edward F. Davis,
“These issues are too important to resort to inaction, and too complex to resolve without
consensus.” Yet, to date, consensus has remained elusive. Many had hoped that a dialogue
among the key stakeholder interests surrounding encryption and national security—
especially in the wake of the Paris, Brussels, and San Bernardino attacks—would develop
organically. But no such dialogue has begun. Still, many commentators from the tech
industry, the national security and intelligence communities, academia, law enforcement,
and lawmaking agree that this kind of dialogue is essential to getting beyond the rancor
and solving the problem. As Ryan Hagemann, a technology and civil liberties analyst
at the libertarian advocacy organization, the Niskanen Center, and Andrew Chang, cofounder and managing partner of Eastern Foundry, an incubator and accelerator for tech
startups working with government wrote recently, “[a Congressionally-mandated dialogue]
is the best path forward to resolving the encryption debate. By assembling a report and
recommendations from the leading minds in the fields of economics, law, technology,
computer science, and law enforcement, we can begin to form a general concurrence of
opinions, informed by a common understanding of the underlying facts.”75
In further support of this approach, CIA Director John Brennan said in his testimony before
the Senate Intelligence Committee in June 2016, “I don’t know what the best way is [to
solve the encryption question], but I know that it has to be an effort undertaken by the
government and the private sector in a very thoughtful manner that looks at the various
dimensions of the problem and is going to come forward with a number of options—
recommendation...A congressional commission on this issue is something that really could
do a great service. There needs to be an understanding between the private sector and
the government about what our respective roles and responsibilities are going to be and
be able to find some kind of solution that’s able to optimize what it is we’re all trying to
achieve.”
The Committee has arrived at the same conclusion. While Congress—as opposed to the
courts—is the proper forum to consider novel matters of law and policy, we recognize
that this is a truly complex issue. A comprehensive report—one which will include new
ideas for addressing digital security challenges—will be incredibly valuable for Members
of Congress as they endeavor to make the most informed decisions possible. We further
recognize that the debate surrounding encryption is itself part of a larger conversation on
technological transformation and its impact on American competition, security and values.
We believe the best way to make informed, sustainable decisions is to bring together experts
who best understand the complexities of this issue, and can advise Congress on the best
path forward. Apple CEO Tim Cook recently weighed in on a Commission proposal, noting
“Our country has always been strongest when we come together. We feel the best way
forward would be [to]…as some in Congress have proposed, form a commission or other

19

 panel of experts on intelligence, technology and civil liberties to discuss the implications
for law enforcement, national security, privacy and personal freedoms. Apple would gladly
participate in such an effort.”76
Former House Speaker Newt Gingrich (R-GA) and former House Intelligence Committee
Member Jane Harman (D-CA) summed things up, writing in a joint Op-Ed on the issue in
April 2016, “We each have private hopes, of course, that an expert, unbiased commission
will recommend what we already believe. But we’re willing to learn that we have things
completely backward; Apple, the Obama administration and members of Congress should
be just as open. The question of encryption is too central to this country’s future to answer
without a real dialogue.”77

20

 Appendix – Legal Standards for Obtaining Digital Evidence
When considering whether law enforcement agents should be able to access encrypted
data containing evidence of a crime, it is important to remember that there are legal standards and procedural requirements in place all along the way to safeguard the privacy of
Americans.
Investigators must meet a series of escalating legal standards in order to obtain various
types of data. Most investigations begin by casting a wide net. As new facts emerge and
evidence is gathered, the case narrows. As the data sought becomes increasingly private
and potentially revealing, the standards to obtain that data become increasingly difficult to
meet. Below is a diagram that helps to explain the process by associating various types
of data that investigators may seek with the corresponding legal standards that must be
reached.

No Standard

Relevance

Reasonable Suspicion

Probable Cause

There is no legal standard
for obtaining publicly
available information.

It is likely that a search will
yield information relevant to
an ongoing investigation.

There is a “strong suspicion,”
based on specific and
articulable facts, that a
person is involved in
criminal activity.

There is a “fair probability,”
based on the totality of the
circumstances and articulable
facts, that a person has
committed a crime, or that a
search will reveal evidence
of a crime.

Public Information

Name/Physical Address/#

To/From

Emails

Google Searches

Call Times/Duration

IP Addresses

Text Messages

Consensual Interactions

Billing Records

Transactional Records

Pictures

Publicly Available
Information

Basic Subscriber
Information

Source/Destination
Email Addresses

Content of Electronic
Communications

Commonly referred to as “metadata,” a set of data that
describes and gives information about other data.

Investigators seeking access to
digital evidence must be able to
demonstrate that the evidence
is needed, and that they have
exhausted the least intrusive
means of obtaining it. Yet, even
where law enforcement has met
the legal standard to obtain the
data, actual access may be
prevented because the
data is encrypted.

21

 Endnotes
1 
Jeff Stone, “DHS Chief Jeh Johnson
Calls Encryption A Threat To Public Safety,”
International Business Times, April 22, 2015.
http://www.ibtimes.com/dhs-chief-jeh-johnsoncalls-encryption-threat-public-safety-1892057
2 
Aaron Smith, “U.S. Smartphone Use in
2015,” Pew Research Center, April 2015. http://
www.pewinternet.org/2015/04/01/chapter-onea-portrait-of-smartphone-ownership/
3 
Ingrid Lunden, “6.1B Smartphone Users
Globally By 2020, Overtaking Basic Fixed
Phone Subscriptions,” Tech Crunch, June 2,
2015.
http://techcrunch.com/2015/06/02/61b-smartphone-users-globally-by-2020overtaking-basic-fixed-phone-subscriptions/#.
mjrlvwq:RPIH
4 
David Dean et al, “The Internet Economy
in the G-20,” Boston Consulting Group, 2012.
https://www.bcg.com/documents/file100409.
pdf
5  Stephen Siwek,“Measuring the U.S.
Internet Sector,” the Internet Association,
December 10, 2015. https://internetassociation.
org/121015econreport/
6  Andrew Perrin and Maeve Duggan,
“Americans’ Internet Access: 2000-2015,”
Pew Research Center, June 26, 2015. http://
www.pewinternet.org/2015/06/26/americansinternet-access-2000-2015/

9 
“Global Encryption Software Market
is Expected to Reach $2.16 Billion by 2020 Allied Market Research,” PR Newswire, January
28, 2015. http://www.prnewswire.com/newsreleases/global-encryption-software-market-isexpected-to-reach-216-billion-by-2020---alliedmarket-research-290039391.html
10 
Susanna Fox, “51% of U.S. Ad ults Bank
Online,” Pew Research Center, Aug. 7, 2013.
http://www.pewinternet.org/2013/08/07/51-ofu-s-adults-bank-online/
11  Nathan
Frederiksen
and
Sarah
Lenart,
“2011
State
of
Online
and
Mobile
Banking,”
comScore
Financial
Services,
February
2012.
https://www.
comscore.com/Insights/Presentations-andWhitepapers/2012/2011-State-of-Online-andMobile-Banking
12 
Gerdes, Geoffrey et al, “The 2013 Federal
Reserve Payments Study,” Federal Reserve
System, July 2013. https://www.frbservices.org/
files/communications/pdf/general/2013_fed_
res_paymt_study_detailed_rpt.pdf
13 
Rebecca DeNale and Deanna
Weidenhamer, “U.S. Census Bureau News,”
U.S. Department of Commerce, February. 17,
2016. https://www.census.gov/retail/mrts/www/
data/pdf/ec_current.pdf
14  U.S. Census Bureau, “E-Stats 2013:
Measuring the Electronic Economy,” U.S.
Census Bureau, May 28, 2015. https://www.
census.gov/econ/estats/e13-estats.pdf

7 
Ponemon
Institute,
“2016
Global
Encryption
Trends
Study,”
Thales Security, February 2016. http://
i m a g e s . g o . t h a l e s - e s e c u r i t y. c o m / We b /
ThalesEsecurity/%7B5f704501-1e4f-41a8-91ee490c2bb492ae%7D_Global_Encryption_
Trends_Study_eng_ar.pdf

15 
Ryan Hagemann and Josh Hampson,
“Encryption Trust, and the Online Economy,”
Niskanen Center, November 9, 2015.
https://niskanencenter.org/wp-content/
u p l o a d s / 2 0 1 5 / 1 1 / R E S E A R C H - PA P E R _
EncryptionEconomicBenefits.pdf

8 

16  Ricardo Alonso-Zaldivar, “Lack of
encryption standards raises health data privacy

22

Id.

 questions,” Associated Press, February 8, 2015.
http://www.pbs.org/newshour/rundown/lackhealth-care-cyber-security-standards-raisesquestions/
17 
Dan Munro, “Data Breaches In Healthcare
Totaled Over 112 Million Records In 2015,”
Forbes, December 31, 2015. http://www.forbes.
com/sites/danmunro/2015/12/31/data-breachesin-healthcare-total-over-112-million-records-in2015/#146c243f7fd5
18  Hon. James B. Comey, “Statement
Before the House Committee on Homeland
Security Washington, D.C.” October 21, 2015.
https://www.fbi.gov/news/testimony/worldwidethreats-and-homeland-security-challenges
19 
Eliza Sweren-Becker, “This Map Shows
How the Apple-FBI Fight Was About Much More
Than One Phone,” American Civil Liberties
Union, March 2016. https://www.aclu.org/blog/
speak-freely/map-shows-how-apple-fbi-fightwas-about-much-more-one-phone
20 

Id.

21 

Id.

22 

Id.

23 

Id.

24 
Federal Bureau of Investigation (FBI),
“Going Dark Issue.” https://www.fbi.gov/aboutus/otd/going-dark-issue

27 
Cory Bennett, “Administration spars
with lawmakers over access to encrypted
data,” The Hill, July 8, 2015. http://thehill.
com/policy/cybersecurity/247228-encryptionbattle-reaches-capitol-hill
28 
“Senate
Judiciary
Committee
Holds Hearing on FBI Oversight,” CQ
Congressional
Transcripts,
December
9,
2015.
http://www.cq.com/doc/
congressionaltranscripts-4803506?2
29 
Lauren Williams, “Yes Terrorists
Use Encryption But That Doesn’t Mean It’s
A Bad Thing,” Think Progress, November
17,
2015.
http://thinkprogress.org/
world/2015/11/17/3722725/isis-encryptionparis-attacks/
30 

31  Emma
Woollacott,
“MPs
Slam
‘Unintended
Consequences’
Of
UK’s
Investigatory
Powers
Bill,”
Forbes,
February 1, 2016. http://www.forbes.com/
sites/emmawoollacott/2016/02/01/mpsslam-unintended-consequences-of-uksinvestigatory-powers-bill/#3a2f386e47af
32 
Owen Bowcott, “Investigatory
powers bill: snooper’s charter lacks clarity,
MPs warn,” The Guardian February 1, 2016.
http://www.theguardian.com/law/2016/feb/01/
investigatory-powers-bill-snoopers-charterlacks-clarity-mps-warn
33 

25 
Hon. James Comey, “Joint Statement
with Deputy Attorney General Sally Quillian Yates
before the Senate Judiciary Committee,” July
8, 2015. https://www.fbi.gov/news/testimony/
going-dark-encryption-technology-and-thebalances-between-public-safety-and-privacy
26 

Id.

Id.

34  Jeremy Kahn, “Apple’s Encryption
Looks Safe as U.K. Commons Passes
Spy Bill,” Bloomberg Technology, June 7,
2016.
http://www.bloomberg.com/news/
articles/2016-06-07/apple-s-encryption-lookssafe-as-u-k-commons-passes-spy-bill.

Id.
35 

Id.

23

 36 

Id.

37 

Id.

38  Ellen Nakashima and Andrea Peterson,
“The British want to come to America –
with wiretap orders and search warrants,”
The Washington Post, February 4, 2016.
https://www.washingtonpost.com/world/
national-security/the-british-want-to-cometo-america--with-wiretap-orders-and-searchwarrants/2016/02/04/b351ce9e-ca86-11e5a7b2-5a2f824b02c9_story.html.
39 

49 
Sara Zaske, “While US and UK
governments oppose encryption, Germany
promotes it. Why?” ZD Net, October 26, 2015.
http://www.zdnet.com/article/while-us-and-ukgovts-oppose-encryption-germany-promotesit-why/
50 

51 
Loek Essers, “No encryption back
doors, says EU digital commissioner,” PC
World, May 20, 2015. http://www.pcworld.com/
article/2924632/no-encryption-back-doorssays-eu-digital-commissioner.html

Id.
52 

40 
41 

Id.

Id.

44 
Phil Muncaster, “French Government
Rejects Encryption Backdoors,” Infosecurity
Magazine, January 19, 2016. http://www.
infosecurity-magazine.com/news/frenchgovernment-rejects/
45 Agence
France-Presse,
“French
parliament votes to penalize smartphone
makers over encryption,” The Guardian,
March 3, 2016. http://www.theguardian.com/
technology/2016/mar/03/french-parliamentpenalise-smartphone-makers-over-encryption
46 

Id.

47 
“Dutch government says no to ‘encryption
backdoors,’” BBC News, January 7, 2016. http://
www.bbc.com/news/technology-35251429
48 

24

Id.

Id.

42 
Liam Tung, “Encryption backdoors by
law? France says ‘non,’” ZD Net, January 18,
2016. http://www.zdnet.com/article/encryptionbackdoors-by-law-france-says-non/
43 

Id.

Id.

53  Nancy Scola, “EU digital official:
Encryption backdoors a ‘bad idea,’” Politico
Pro, March 2016. https://www.politicopro.com/
tech/whiteboard/2016/03/eu-digital-officialencryption-backdoors-a-bad-idea-068807
54  Chris
Buckley,
“China
Passes
Antiterrorism Law That Critics Fear May
Overreach,” The New York Times, December
27, 2015. http://www.nytimes.com/2015/12/28/
world/asia/china-passes-antiterrorism-lawthat-critics-fear-may-overreach.html
55 

Id.

56 “India
withdraws
controversial
encryption policy,” BBC News, September 22,
2015.
http://www.bbc.com/news/world-asiaindia-34322118
57 
“Iran orders social media sites to store
data inside country,” Reuters, May 29, 2016.
http://www.reuters.com/article/internet-iranidusl8n18q0in
58 

Id.

59 
Jeb Blount and Marcelo Teixeira, “Brazil
court lifts suspension of Facebook’s WhatsApp
service,” Reuters, December 17, 2015. http://

 www.reuters.com/article/us-brazil-whatsappban-idUSKBN0U000G20151217

us-cybercom-and-the-nsa-a-strategic-look-withadm-michael-s-rogers.

60 

Id.

61 

Id.

71  Bruce Schneier Berkman, Kathleen
Seidel, and Saranya Vijayakumar, “A Worldwide
Survey of Encryption Products,” February 11,
2016. https://www.schneier.com/cryptography/
paperfiles/worldwide-survey-of-encryptionproducts.pdf.

62  Mike Murphy, “Brazil shut down
WhatsApp for roughly 100 million people
for 12 hours,” Quartz, December 17, 2015.
http://qz.com/576485/brazil-has-shut-downwhatsapp-for-roughly-100-million-people/
63 
Will
Connors,
“Facebook
Executive Arrested in Brazil,” The Wall
Street Journal, March 1, 2016. http://www.
wsj.com/articles/facebook-executivearrested-in-brazil-1456851506?cb=logg
ed0.2916669365819827
64 
“Facebook executive says Brazil jail
stint won’t slow company’s growth,” Reuters,
March 5, 2016. https://www.theguardian.com/
technology/2016/mar/05/facebook-brazildiego-dzodan-arrest-sao-paulo
65 
“UN human rights chief backs
Apple in FBI encryption row,” BBC News,
March 4, 2016. http://www.bbc.com/news/
technology-35725859
66 

Id.

67 

Id.

68 
Bill text available at: https://lieu.house.
gov/sites/lieu.house.gov/files/documents/
L I E U _ 0 2 7 _ x m l % 2 0 % 2 8 E N C RY P T % 2 0
Act%20of%202016%29.pdf
69 
Bill text available at: https://www.burr.
senate.gov/imo/media/doc/BAG16460.pdf
70  “US Cybercom and the NSA: A
Strategic Look with ADM Michael S. Rogers,”
The Atlantic Council, January 21, 2016. http://
www.atlanticcouncil.org/events/webcasts/

72  “Don’t Panic: Making Progress in the
‘Going Dark’ Debate,” Harvard University
Berkman Center for Internet & Society, February 1,
2016. https://cyber.law.harvard.edu/pubrelease/
dont-panic/Dont_Panic_Making_Progress_on_
Going_Dark_Debate.pdf.
73 
Andrea Peterson, “Why the Government
Can’t Actually Stop Terrorists From Using
Encryption,” The Washington Post, March 15,
2016.
https://www.washingtonpost.com/news/
the-switch/wp/2016/03/15/why-the-governmentcant-actually-stop-terrorists-from-usingencryption/.
74 
Steven Nelson, “Encryption Backdoor
Debate Centers on Catching Stupid Criminals,”
US News and World Report, September
21,
2015.
http://www.usnews.com/news/
articles/2015/09/21/encyrption-backdoordebate-centers-on-catching-stupid-criminals.
75 
Ryan Hagemann and Andrew Chang,
“Encryption showdown: Burr-Feinstein vs McCaulWarner,” The Hill, April 25, 2016. http://thehill.
com/blogs/congress-blog/technology/277467encryption-showdown-burr-feinstein-vs-mccaulwarner.
76 
“Answers to your questions about Apple
and security,” http://www.apple.com/customerletter/answers/.
77 
Hon. Newt Gingrich and Hon. Jane
Harman, “A National Debate on Encryption –
Now,” The Hill, April 12, 2016. http://thehill.com/
opinion/op-ed/276071-a-national-debate-onencryption-now.

25