Initial Take-Away: Encryption Policy and "Government Hacking"
The Transatlantic Cyber Forum (TCF) is an initiative of the Berlin based think tank Stiftung Neue Verantwortung to bring together experts from civil society, academia, think tanks, and businesses from the United States and Germany to discuss pressing issues in cyber security.
On July 12-13, 2017, a group of TCF experts met in Washington DC to discuss "government hacking" and encryption policy. All experts shared the basic premise that strong encryption is the basis for secure digital communications. Thus, they rejected any proposal to weaken encryption standards or require that providers of encrypted products or services redesign their offerings in order to facilitate government access. Such technical mandates or “backdoor” requirements would severely undermine cyber security, hence national security, while doing little to prevent “bad” actors’ access to encryption.
At the same time, the working group realized that government agencies will continue to demand access to digital communications and stored data to conduct criminal investigations and to prevent serious crimes. Given that "government hacking" has been identified by the German and US government as a tool to enable their agencies to access encrypted communication and data, the group is concerned about the lack of clear legal or policy frameworks for "government hacking" or for management (includes sharing and reporting) of the vulnerabilities that it requires.
The group therefore sees the development of a holistic and prudent approach towards "government hacking" as a pressing need. Such an approach should take into account the international ramifications and human rights implications of such practices. In the coming months, the group will work on principles for a (legal) framework of "government hacking" as well as principles for a vulnerability management scheme to address these challenges.
Members of the TCF working group on "encryption policy & government hacking" who support this initial take-away.
Kevin Bankston, Open Technology Institute, New America
Cathleen Berger, Mozilla
Ulf Buermeyer, Gesellschaft für Freiheitsrechte
Chris Calabrese, Center for Democracy & Technology
Jennifer Daskal, College of Law, American University Washington
Alan Duric, Wire
Sharon Bradford Franklin, Open Technology Institute, New America
Benjamin Güldenring, Institute for Computer Science Freie Universität Berlin
Jan Dominik Gunkel, Wachter Digital Partners
Sven Herpig, Transatlantic Cyber Forum, Stiftung Neue Verantwortung
Stefan Heumann, Stiftung Neue Verantwortung
Scarlet Kim, Privacy International
Emily McReynolds, Tech Policy Lab, University of Washington
Daniel Moßbrucker, Reporters without Borders
Jan Neutze, Microsoft
Jörg Pohle, Alexander von Humboldt Institut für Internet und Gesellschaft
Rainer Rehak, FIfF, Computer Scientists for Peace and Social Responsibility
Thomas Reinhold, CyberPeace
Volker Roth, Institute for Computer Science, Freie Universität Berlin
Ross Schulman, Open Technology Institute, New America
Julia Schütze, Transatlantic Cyber Forum, Stiftung Neue Verantwortung
Megan Stifel, Public Knowledge
Christoph Zurheide, DHL Group, Deutsche Post
Berlin/ Washington DC, 23 August 2017
Dr. Sven Herpig
Dr. Stefan Heumann