Disclaimer: This essay is provided as an example of work produced by students studying towards a social policy degree, it is not illustrative of the work produced by our in-house experts. Click here for sample essays written by our professional writers.

This essay is not an endorsement of any political party or statement. UKEssays.com does not accept payment of any kind for the publishing of political content.

Should Governments Regulate Encryption?

Paper Type: Free Essay Subject: Social Policy
Wordcount: 2579 words Published: 18th Nov 2021

Reference this

Abstract

Encryption was first recorded in 600 BC when the Spartans use a device to send secret messages during battle. Since then the use of encryption has become much more advanced and used exponentially more. Many people believe that regulating encryption will help prevent criminals from remaining anonymous. Every country is different when it comes to regulating encryption, but no one has found the perfect balance between providing effective security and preventing criminals from avoiding investigation. This report will analyze if governmental regulation of encryption is worth the violations of privacy. Specifically, this paper will compare the pros and cons of regulating encryption which can violate citizen’s privacy or assist in seizing criminals.

Keywords: encryption, regulation, data security, government

Does the Government Need to Regulate Something as Important as Encryption?

In the rapidly growing age of technology, things become new more quickly. With the constant need to keep ‘updated’ in the world, there is also a need to keep security. Encryption has been around for a long time, but modern encryption wasn’t invented until the enigma machine in 1918. This is very recent, putting in perspective that no laws or policies were in place at the time to keep encryption from running rampant. Even in current day, we are still having trouble coming up with regulations for this. When Apple had an argument with the FBI over access to a locked iPhone used by the San Bernardino gunman, North Carolina’s senators offered a bill that would have required companies to provide unencrypted versions of data if given a court order. This is just one example of many. Current day encryption has a multitude of different algorithms, some of which are monitored and regulated by the government. But does the government regulating encryption mean that citizens must give up some sense of privacy? Or does it meant that criminals attempting to remain anonymous will be caught.? This report will analyze scholarly opinions and different country’s policies on regulating encryption and come to a conclusion, answering the following questions.

  1. What are the current regulations for encryption and do countries have different rules?
  2. Are citizen’s privacy at risk by regulating or not regulating encryption?
  3. What are the trade-offs for regulating or not regulating encryption?
  4. What are some possible regulations to control encryption?
  5. How will these regulations affect our daily lives?

In a new age of technology, privacy is a key component to a healthy, functioning society and the government’s role in regulating encryption could jeopardize these rights.

What are the current regulations for encryption and do countries have different rules?

Before looking to deeply into the morals of regulating encryption we need to understand what regulations are currently in place. Every country has a different take on what needs to be controlled. For example, Estonia surprisingly, is one of the most networked countries in the world. Citizens use networks for banking, voting, paying taxes as well as other things. In 2007, Estonia was hit with a massive cyber attack taking down banks, telephone networks and television stations (Sales, 2013, para. 3). Since then, Estonia has set up a “Cyber Defense Unit” to react to those kinds of situations. However, despite a dedicated unit, according to article 215 of their Criminal Procedure Code, investigative authorities can order the production of information from any person, but they cannot require that person to divulge encryption keys or passwords. This means that the citizens are allowed some form of privacy, which other countries do not. All countries take a different approach by attempting to regulate encryption in a multitude of ways. Saper stated in his journal that “some countries restrict the import or export of cryptographic technology, others restrict the import of encrypted data, and still others restrict or prohibit the use of encryption within their borders” (Saper, 2013, p. 3). Countries like the United states are an example of all three. The U.S. regulates all imported and exported encryption through The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!
Find out more about our Essay Writing Service

Each country has a unique way of dealing with encryption techniques which vary in forms of privacy; India has a mandatory encryption strength. China requires that manufacturers must have their encryption method approved by the National Commission on Encryption Code Regulations. Russia demands a license for distributing encryption algorithms. They all attempt to help them draw the line between being able to prevent criminals from using encryption maliciously, while simultaneously allowing citizens their right of discretion. Regulating encryption is a constantly evolving area and the disparate regulations of each country presents the complexity of the problem we are facing as this issue evolves further.

Are Citizen’s Privacy at Risk by Regulating or not Regulating Encryption?

Governments regulating encryption is not pointed towards specific or individual people. They are not targeting the privacy of their citizens. For the most part governments are attempting to regulate companies or tech providers that hold or sell user data. The data that the government is regulating however, is user data at the core. Unless you are under investigative authority there is not much you have to worry about. In fact, encryption regulations simply help every day consumers. For example, section 103(a) of the Communications Assistance for Law Enforcement Act of says that “telecommunications carriers cannot use encryption themselves in a way which would prevent them from being able to intercept communications or deliver them to the government” (Global Partners Digital, 2018). But everything is prone to being hacked, meaning ultimately no ones data is 100% secure or private.

What Are the Trade-Offs for Regulating or not Regulating Encryption?

Like all aspects of life there are pros and cons to everything. In trading in privacy there are a lot of downsides that come with it. The growing use of encryption has significantly reduced the amount of plaintext that investigative officials can access. The number of smart phone users have boomed in the last decade with 47% of all smartphone and tablets using full disk encryption. This poses a serious threat to law enforcement and intelligence agencies. “Federal Bureau of Investigation (FBI) General Counsel James Baker reported that for fiscal year 2016, the FBI had encountered passcodes on 2,095 of the 6,814 mobile devices examined by its forensic laboratories.” (National Academics of sciences, et. al, 2018, pg. 31) Of those 2,095 devices only 1,210 were able to be broken into. And in 2017 the “FBI was unable to access about 7,500 mobile devices submitted to its Computer Analysis and Response Team, even though there was legal authority to do so.” This means there was an alarming amount of evidence that the FBI was denied to encryption standards not held by the government or companies. Not only are investigative authorities being held up by device encryption but most information off shore is inaccessible for the most part. Gmail, for example, stores their emails in servers not in the united states. Because Google stores these servers over seas it makes it harder for intelligence officials to gain accesses to plaintext.[1] The increased use of encryption also has other effects in helping criminals retain anonymity on the web. The U.S. Department of Justice’s National Strategy on Child Exploitation Prevention and Interdiction Working Group conducted a study on “more than 1,000 federal, state, local, and tribal investigators” (National Academics of sciences, et. al, 2018, pg. 42). In 2016 they concluded that more than 30 percent of respondents reported that the use of encryption by child pornography offenders has significantly increased.

By these statistics it shows that not only are intelligence agencies and tech corporations having trouble retaining access to plaintext of everyday items like smart phones and emails, but criminals are using it to provide themselves cover for communication. Like many things, encryption is a double-edged sword, and universal or at least federal regulations are a must-have when attempting to control encryption.

What Are some Possible Regulations to Control Encryption?

As mentioned in footnote one (pg.6), the CLOUD act takes a huge step in being able to receive data that is stored over seas from the United States. This means the companies that operate without borders are now required to give data in the United States. But this is just in investigative cases, there are other steps being taken by other countries and state powers. California, for example, passed the Consumer Privacy Act of 2018 which means that” companies who do not encrypt data or neglect to employ ‘reasonable security procedures’ are liable to be sued by consumers whose data is compromised” (Crane, 2019, para 7). This means that aside from information security, companies are to be held liable for ignorance in user data security. Denmark also has a regulation known as Data Protection Regulation. It states that when transmitting sensitive data, public authorities and private companies must use some form of encryption. The exact same as the United States’ Federal Information Processing Standards and General Data Protection Regulation. These are all example of great legislation by different unions that have shown to be effective in preventing sensitive data from being accessed as plaintext by malicious third parties. There are also a lot of great regulations in banking like the European Banking authority, the Gramm-Leach Bliley Act of the U.S., the New York Department of Financial Services. But the best is the Payment Card Industry Data Security Standard from the Payment Card Industry Security Standards Council. This is a global regulation that requires that companies that do not encrypt data and use security procedures be held liable by fines or penalties.

 A lot of progress is being made in order to completely protect consumers. The problem is protecting consumers while also allowing intelligence agencies to be able to function. Very few countries have a minimum or maximum-security standard, for encryption and still only a few countries regulate import and exported encryption (Fig. 1). ­

Figure 1 “Countries with Import and Export regulated encryption” (Global Partners Digital, 2018)

There are already several regulations that we have, that have made great strides in helping improve not only the security of consumers, but also aided in allowing intelligence agencies and government officials’ investigations. There is still a lot of work to be done. Recently the ‘Five Eyes’ Governments, (US, UK, Canada, Australia and New Zealand) called for encryption backdoors to be used in tech companies released devices. This is not a great solution as it violates many citizens’ privacy and let’s be realistic, there is no such thing as a secure back door. In fact, there have been numerous times where the government’s security has failed, 2015’s U.S.  voter database just being one example.

How Will these Regulations Affect Our Daily Lives?

These upcoming and new regulations are a step in the right direction to maintain national and personal security. Some of the proposed legislature might be going a little overboard, not only violating citizens’ privacy, but their security as well. Currently, for the most part, all encryption regulations are really imposed to require tech companies to secure and control user data or aid in investigations. Unless you run a business, staying up-to-date on encryption legislation is not a necessity. Of course, it can’t hurt to know what laws there are surrounding your geographical location, but for your everyday consumer these regulations are designed solely to protect you.

Despite being an age-old tactic in sending and receiving hidden messages, encryption is the latest in the constantly evolving world of science and technology. There are many current and useful regulations for encryption. Global regulations like the PCI DSS all the way down to state regulations like California Consumer Privacy Act. However, the use of encryption by criminals is unprecedented and must be stopped. Creating regulations that balance citizens privacy and uphold standards set by intelligence officials is key in attempting to create a secure and safe society.

References

Sales, N. A. (2013). REGULATING CYBER-SECURITY. Northwestern University Law Review, 107(4), 1503-1568. Retrieved from http://ezproxy.libproxy.db.erau.edu/login?url=https://search-proquest-com.ezproxy.libproxy.db.erau.edu/docview/1499304970?accountid=27203

Saper. N. (2013). International Cryptography Regulation and the Global Information Economy. Northwestern Journal of Technology and Intellectual Property Nw. J. Tech. & Intell. Prop. 673 Retrieved from
https://scholarlycommons.law.northwestern.edu/njtip/vol11/iss7/5

National Academies of Sciences. Engineering, and Medicine. Division on Engineering and Physical Sciences & Computer Science and Telecommunications Board. (2018). Decrypting the Encryption Debate, A Framework for Decision Makers. Consensus Study Report. doi: 10.17226/25010

Global Partners Digital.(2018) “World Map of Encryption Laws and Policies.” Global Partners Digital, 2018, www.gp-digital.org/world-map-of-encryption/.

Crane, Casey. (Jul, 8, 2019). “10 Data Privacy and Encryption Laws Every Business Needs to Know.” Hashed Out by The SSL Store™, www.thesslstore.com/blog/10-data-privacy-and-encryption-laws-every-business-needs-to-know/.


[1] In Supreme Court Case United States v Microsoft Corp, it was determined that requiring Microsoft to disclose the electronic communications would be an unauthorized. From this Congress enacted, and the President signed into law the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) which allowed federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.

 

Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please:

Related Services

Our academic writing and marking services can help you!

Prices from

£124

Approximate costs for:

  • Undergraduate 2:2
  • 1000 words
  • 7 day delivery

Order an Essay

Related Lectures

Study for free with our range of university lecture notes!

Academic Knowledge Logo

Freelance Writing Jobs

Looking for a flexible role?
Do you have a 2:1 degree or higher?

Apply Today!