LegiStorm

Summary:

Encryption is a process to secure information from unwanted access or use. Encryption uses the art of cryptography to change information which can be read (plaintext) and make it so that it cannot be read (ciphertext). Decryption uses the same art of cryptography to change that ciphertext back to plaintext. Encryption takes five elements to work: plaintexts, keys, encryption methods, decryption methods, and ciphertexts. Data that are in a state of being stored or in a state of being sent are eligible for encryption. However, data that are in a state of being processed— that is being generated, altered, or otherwise used—are unable to be encrypted and remain in plaintext and vulnerable to unauthorized access. Purposes of Encryption Today, encryption is as ubiquitous as the devices that connect to the Internet. Encryption is a tool that information security professionals and end users alike can employ to ensure that the data in their custody remain confidential to only those who are authorized to access the data. It also helps to ensure that data is accessed as the authorized users intend, and not altered by a third party. Strong encryption helps users around the world trust the systems and data they are using, thereby facilitating the transactions that allow society to operate, such as economic activity, control of utilities, and government. This is important because the world has become more connected, and attackers have become more persistent and pervasive. It is difficult to overemphasize the extent to which Internet-connected systems are under attack. But the frequency with which data breaches are exposed in the news media can act as an indicator of the prevalence of active exploitations. Encryption is a tool used to thwart attempts to compromise legitimate activity and national security. Major Issues However, encryption has posed challenges to law enforcement and elements of national security. Strong encryption sometimes hinders law enforcement’s ability to collect digital evidence and investigate crimes in the physical world. As more real world transactions are conducted via digital means and adversaries continue to perpetrate crimes, this problem may become more pronounced. There are multiple sides to the encryption debate, but the sides generally reduce to two main parties: those who favor cryptosystems built as strongly as possible, and those who favor cryptosystems built with the opportunity for access if necessary and approved by a judicial authority. Encryption has created new issues for end users, as well. The technology was adopted rapidly, and users were not afforded the same opportunities to alter their habits as with the more steady adoption of technologies in the past. With the quick adoption of encryption, users left themselves more vulnerable to being unable to access or share their own data, for instance in the event that they forget the key or lack a way to share that key. One proposal to alleviate concerns over access to encrypted data by law enforcement includes mandating access for law enforcement while retaining strong encryption. However, this proposal undermines how encryption systems are built by introducing some extraordinary access into the system beyond the direct access of the user. This proposal carries risk as it creates an attack vector which adversaries of all types could seek to exploit. The increased risk raises the possibility that a persistent adversary will be able to circumvent the protections put in place to allow limited access and compromise the data and systems in use. In the 114th Congress, many activities have focused on encryption, including some legislative proposals.