Working Group on "Encryption Policy & Government Hacking"

Problem Analysis

The first working hypothesis was that Germany and the United States should forego any further encryption policy and mandatory backdoors discussion and rather focus on the analysis of obtaining digital evidence through a variety of other means including government hacking.

The problem analysis which has been conducted and published revealed that government hacking faces many challenges.

The following areas have been identified for further research and analysis:

  1. assessing government hacking and identifying alternatives;
  2. evaluating and designing a comprehensive vulnerability management scheme;
  3. discussing future challenges arising from digital evidence;
  4. exploring the adequacy of judicial review;
  5. mitigating possible foreign policy implications.


Addressing Challenges


A workshop conducted in Washington D. C. on July 12-13 brought together members of the working group on encryption policy & government hacking to discuss the results of the problem analysis and the way forward. Based on the outcome of the problem analysis, the working group discussed various ideas on how to address those challenges.

The working group agreed to collaborate on the following:

  1. drafting principles for a comprehensive vulnerability management scheme, taking into consideration the international and human rights dimensions;
  2. drafting a holistic framework for government hacking, including legal bar/standards, the nature of digital evidence, impact minimization (such as exploring alternatives), minimum disclose details as well as the international and human rights dimensions.

The next workshop has been loosely scheduled for spring 2018 to discuss the results of the collaboration on those issues and plan the subsequent policy and outreach activities.

Another outcome of the workshop is the jointly agreed “Initial Take-Away on Encryption Policy and "Government Hacking".


Working Group


The working group consists of 44 members from civil society, private sector and academia from Germany and the United States. The views and opinions expressed by TCF as a whole (and on this website) are those of the project team and do not necessarily reflect the official policy or position of the individuals in the working group and that of their employer. Any statement linked on the website only represents the views of the respective signatories. The following members agreed to be named on this website:

  1. Simon Assion, Bird & Bird
  2. Kevin Bankston, New America’s Open Technology Institute
  3. Cathleen Berger, Mozilla
  4. Ulf Buermeyer, Gesellschaft für Freiheitsrechte
  5. Chris Calabrese, Center for Democracy and Technology
  6. Betsy Cooper, Center for Long-Term Cyber Security, University of Berkeley
  7. Jennifer Daskal, American University Washington College of Law
  8. Alan Duric, Wire
  9. Marc Fliehe, Verband der TÜV e. V. (VdTÜV)
  10. Sharon Bradford Franklin, New America
  11. Benjamin Güldenring, Institute for Computer Science of the Freie Universität Berlin
  12. Jan Dominik Gunkel, DIGANTRO
  13. Sven Herpig, Stiftung Neue Verantwortung
  14. Stefan Heumann, Stiftung Neue Verantwortung
  15. Scarlet Kim, Privacy International
  16. Klon Kitchen, Heritage Foundation
  17. Karsten König, CIPHRON
  18. Andreas Kuehn, Cyberspace Cooperation of the East West Institute
  19. Susan Landau, Tufts University
  20. Emily McReynolds, University of Washington Tech Policy Lab
  21. Daniel Moßbrucker, Reporters without Borders
  22. Dr. Holger Mühlbauer, TeleTrusT
  23. Jan Neutze, Microsoft
  24. Jörg Pohle, Alexander von Humboldt Institut für Internet und Gesellschaft
  25. Rainer Rehak, FIfF (Computer Scientists for Peace and Social Responsibility)
  26. Thomas Reinhold, CyberPeace
  27. Volker Roth, Institute for Computer Science of the Freie Universität Berlin
  28. Ross Schulman, New America’s Open Technology Institute
  29. Julia Schuetze, Stiftung Neue Verantwortung
  30. Ari Schwartz, Venable LLP
  31. Megan Stifel, Public Knowledge
  32. Eric Wenger, Cisco
  33. Christoph Zurheide, Deutsche Post DHL Group

The Working Group on "Encryption Policy & Government Hacking" is part of the Transatlantic Cyber Forum