Them wereis for chosen as the top entries. Online, andh them of course, you can watch is here back your tomorrow at 7 00 eastern, for clock pacific. Until then, have a great saturday. [captions Copyright National cable satellite corp. 2015] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] next, a form on the legal issues surrounding encryption. Leaders are at how addressing the opioid addiction. Live inonald trump wisconsin. Then, at 7 00, Hillary Clinton and Bernie Sanders. The Information Technology and Innovation Foundation hosted this discussion on encryption issues and policy, and what federal officials and policymakers should do to continue technological advances while continuing to protect the rule of law. This is one hour and 35 minutes. I would like to welcome you to todays event. The goal of todays event is to explore the ongoing debate about cryptography, and how to find the right balance between the needs of government to stop crime and fight terrorism, and on the other side, the desire of private companies and citizens to protect their data. If you logistics before we get started. First, the event is being recorded. It is also being light streamed live streamed. We will have time at the end ask questions of the panelists. If you are pretty same remotely, you can ask questions, as well as in the room. To begin, i want to kick off the discussion by providing an overview of a report we recently released titled, unlucky encryption. This report tries to set todays debate in context, by providing an overview on past debates of encryption. We drill down into the various arguments put forward by Law Enforcement and Intelligence Community on why encryption weakened oreekend limited, and we provide a response to the different arguments. The want to start with a quick history of how corruption has changed over time, in response to new technologies and business models. The modern air of commercial cryptography started in the 1960s. This is when we had the original mainframe computers, these large databases, and companies wanted to protect their data. They began using what is called metric encryption. Many of the companies were to then share the data. You have Financial Institutions who wanted to share data. We had the creation of the first backed encryption standards to help facilitate this exchange of data. The next change came when we had the rise of personal computers, networks, and the internet. And, the need to securely communicate with of wide a wide friday of users. These were often times anonymous parties. The biggest problem that you had with metric encryption was key exchange. How do you securely share the key with someone else . If youkes sense, you co could share a key securely, you would not need encryption in the first place. This led to public key encryption. You have one key to encrypt, and one key to decrypt. After this, the next big. Evelopment was Cloud Computing this was a big change. In the past, all the data was stored locally. It was completely controlled by customers. Data ands were sharing storing it in a third party. Morecreated inherent abilities. Many Cloud Computing providers have been actively working to address the issue by providing customers with encryption so that they are taking themselves out of the loop. More recently, we have the rise of mobile devices, where you have lots of you storing large amounts of data on a device that literally someone could walk away with. It has been a big move within the encryption space on how do you enable things like full disk encryption so you have Strong Security on local storage. Finally, we have the rise of the internet of things where many of these connective devices are in the home. Users want to make sure these devices are secure. Might have less bandwidth, less processing power, less energy needs, and you have to figure out how to deal with that. Look at theyou history, you see a few things. First, what you see is a steady Information Security in response to new technologies and this is models. This is not the private sector trying to actively lockout the government, or anyone else, it is trying to make things more secure. All the use of encryption is more prevalent today, the debate over government access to encrypted data is not new. At each of the stages, the government has pushed back against the advances. In the earliest years, we saw that various government stakeholders were working behind encryptionto weaken standards. In the 1970s, Law Enforcement and Intelligence Community tried to sue academics who tried to publish on cryptography. In the 1990s, there were debates over key voice encryption. We see of course the most recent encryptions in full disk encryption. As far back as the 1960s, it was possible for users to ways that then government could not get access to it because the users were the only ones with the keys. Its only the recent move to Cloud Computing that broke this model for users. In effort to repair the weakness, companies are being being the front lawn force it. There are really five arguments as to why policymakers should we aken encryption. First, they say the company should not provide proof encryption. Ability of are the Law Enforcement to conduct searches. But we tried to do with each of these arguments is layout, and the with the people making these arguments, exactly what they are saying. Our goal is not to paint strongly arguments, but show where each argument is. What we argue in the report is what the scale of the person is much greater today, the phenomenon itself, the inability of Law Enforcement to axis encrypted data is fundamentally not new. The second argument that we here is without access to encrypted data, government will be less and to stop or solve crime terrorism. This is true. Our report is not at all trying to deny the fact that the rise of pervasive encryption may have a negative impact on love with it. In fact, we readily knowledge that it will like you make it more difficult to prevent and investigate crimes of terrorism. These crimes will be exacerbated if the government does not come up with new tolls and techniques so can function in an era of pervasive encryption. Unlocking encrypted data is the wrong solution because it creates systemic one abilities. Moreover, it is not the only way you can investigate crime or terrorism. We talk about a lot of the tools that are out there already. Moreover, the u. S. Does not have a n monopoly on this talent. Some of the best cryptographers are not american. They are working abroad. Moreover, there is a number of Companies Like telegraph, a software maker, those creating secure communication tools. All of these are outside the jurisdiction of the United States. Is third argument we here theanies try to stop creation of keys for business alone. Research has been steadily closing one abilities for decades. The move to give consumers back the control keys is the next step in creating secure cloud commuting. Controlling their own key allows them to manage the risk themselves. Fix thethat they could problem if they study it harder, or longer, but encryption is based on math, not magic. There is no way to provide thirdparty axis without introducing vulnerabilities that can be abused by others. Finally, the last argument we , obviously in recent weeks, is the company should help the government hack into products that they sell so that they can gain access to encrypted data. If this t technique were used, lawabiding users would distrust the companies. That said, companies should be compiling with lawful requests to the extent that they are able. We are clear that government should not restrict companies from designing products with security features that cannot be defeated by a third party, including the company that made the product themselves. The government, as we know, has a basic right to search, but its not have a basic right to find. That is the basic distinction we have to keep in mind. In short, we are concluding that the cost to consumers and businesses of a policy that would weaken or limit encryption would be misguided. Onwould have little impact keeping technology out of the hands of criminals and terrorists. It would reduce security for lawabiding citizens and businesses. It would make it more difficult for u. S. Companies to compete locally, it would dismiss u. S. Leadership abroad in providing policies to increase Cyber Security, which is greatly needed. We are in the middle of this debate, where do we go from here . We outlined a number of recommendations on how policymakers can promote trust through Strong Security practices, and how they can provide new tools to uphold the law. Thet, congress should ban nsa unintentionally weakening encryption standards. They have the best talent in the world, and it should be used to make encryption more secure, not less secure. Theres a definite lack of trust after the nsa used its influence to weaken some government promoted standards. We need to draw a clear line in the sand saying, that cannot be passed in the future. The government should not be toowed to provide companies facilitate government access by altering their designs. As we see states thinking about making laws in this area, we should make sure that congress pms any state activity. Should passess legislation allowing all disclose in a timely and responsible manner, and work with the public sector. This gets back to what is the role of the government . Will it be about improving security or not. Congress should examine whether the court should examine the statests of individual by holding suspects in contempt of court by failing to expose their data. This is an issue that we hope we talk more about in the panel, and get more into in the report. If you look back at the history of this, they were treated in two different ways keys were ineated and to divert ways two different ways. The government can tell me to disclose my fingerprint, but cannot to me to disclose an alphanumeric passcode. Ass probably does not make much sense now. Come to should explain whether there are opportunities to give more power to lawenforcement in a way that does not weaken security for everyone else uses, congress should provide more resources for cyber forensics so they can investigate and analyze evidence that can be used in court. Local Law Enforcement is not going to have the right kind of skill set to deal with some of the more complex cases. We need to make sure we are providing resources so that Law Enforcement is not left behind. Congress should establish more roles on how and when congress investigations. There is so much gray area here. U. S. Trade negotiations negotiators should actively oppose Foreign Government efforts to introduce backdoors akensoftware, or we encryption. Finally, the u. S. Government should be promoting Cyber Security around the world by championing strongmpioning encryption. This comes back to the position of the u. S. Government. It should make this the cornerstone of its domestic and foreign cyber policy. We have a really fantastic set a today. T of panelists i have asked for the reaction to the report as well is to dig into the issues and the debate we have seen play out over the last weeks and years. Let me briefly introduce everyone, and i have asked them to make brief opening remarks, then we will dig into questions. To my left, the executive director and cochair of the future privacy forum. General torney the Deputy Assistant attorney oferal in the department justice. We have the Vice President of the center for democracy and technology. The executive Director Director of the association for competitive technology. Civilechnology and liberties policy analyst from kanencan and center nis center. Thank you all for being here. I will be brief. Im confident they invited me before they were able to line up these people who are leaders in this debate. I will speak with some humility, and hopefully set a little bit of an opening tone. It is rare, for those of you who know me, to speak with humility. [laughter] tank is are in a think this, your business is to think. The more you think with strident views, the better you are, apparently. Im very humbled by this issue, frankly. We have written in support of strong crypto, and ensuring , i will toections you, this is an issue and truly humbled by, and i hope we find out the true answers. Im confident that the right answers are how we can fight terror, and strengthen Law Enforcement, without creating the concerns are created by some of the challenges we seem to want to create for strong crypto. I was on the other side of law aol. Cement in my days at recently had some strange requests over the years, but requests that i understood we were cooperating with to save lives. We were proud that we cooperated. Who did not those have the systems in order because of whatever practical issues that they could not assist. Bad actors allowing bad things to happen on the internet. The day, i was watching an episode of the americans, and those of you who follow know that there is this russian scientist being forced to invent a technology for the soviets. Into thised intellectual exercise. I cannot help think the conclusion of what we are asking for company, or scientists, researchers to invent, and the conclusion that is not something that we can support an intellectual involvement. There may be other areas where can be useful to invent also is a valuable things, and the compelling notion of is sointellectual work frightening. Just as i much of extension of my brain, as these we will have installed into our brain. Why should we have this waterboarding . We will be able to garner this information. Is it acceptable that as take not Technological Capabilities become incorporated bodies, this is subject to an incredible level of personal protection sorry, we will let you hide what is in your heart because that is a zone of humanity that ought not interrupted even though there are ways to do it. I was looking into statistics after technical measures were taken in the number of cities. 40 50 , and even though they may be one step removed from the discussion here, the debate does matter to the average person over. Pushed leaving the crypto side, action was just taken against facebook saying, you are allowing six character password, you must have longer passwords, and they must be awful alphanumeric, and you must have special characters. I was looking at it and email was just sent out noting that are advice of complex passwords was leaving people uddled andd before unable to manage passwords. We have things like maximum attempts. That piece of this is an incredible part. Today, we will still have a password, it is my password has to be so complex, by having a real respect for frankly protecting the notion of the ise limiting piece misunderstood. I will close with that look forward to continuing the conversation. Thank you. David. Having me here. Thank you to the other panelists , and look forward to an interesting conversation. I think it is important to have different views here. I appreciate the opportunity to be here to speak on behalf of doj on the panel of people who are experts in the field, but who range from opposed to the government information to really opposed. [laughter] we will see what happens in the next hour. I did want to talk about the report that dan just spoke about for a few minutes. And, i want to talk with things i thought were helpful in the report, and other things that were a little less helpful, and room for improvement. Things that were helpful, and provided good basis to talk about in this panel i will start with page one. On page one, it was great to see entailsion that this hard tradeoffs. It improves protection for customers, but makes it harder for the government to protect them from other threats. I think that is an essential way to think about this problem and other problems posed by limitations of encrypted. Sometimes, in this debate, you see the the assertion that there. Re no tradeoffs to be made i think we have seen some of that in the discussion of dropping phone theft, and the like, but there is a Wishful Thinking that we can have it every which way, and theres no tradeoffs to be had, when you implement a certain type of encryption, or other measures to protect Data Security. There are tradeoffs to be had, and at the end of the day, they are Public Policy choices. Not necessarily technological questions. The obvious framework that one draws from page one of this report is the way to approach this problem is to look at the incremental benefits that come and the cost on society as a whole. We cannot compare things that are like to think theyre not like you have to compare things that are like to think that are like. Say, if we are to look at the cost of society from crime, we cannot look at all times, but crimes that can be solved or prevented from access to this evidence. At the same time, if you look at harms to Data Security, you cannot look at all harms, you have to look at incremental harms. A give the report credit for mechanism the page one. The second area they think is worth commending is the paper makes a strong effort to define its terms, particularly, the term, backdoor. We hear that term a lot in this debate. On page 16, they defined back door to include two features including a lack of transparency. I think it is clear if you apply that definition, it is not what lawenforcement has called for. It is in fact contrary to what Law Enforcement has called for in terms of any kind of theoretical mandate or legislative decision. Refer tole use it to any system whereby a provider has the ability to comply with award. When jules spoke about his previous work, i dont think he