Restricting Encryption Will Hurt Security and Economy, Won’t Stop Terrorists from Using It Anyway, ITIF Finds in New Analysis

WASHINGTON—The Information Technology and Innovation Foundation (ITIF) today urged the U.S. government not to limit the commercialization of cybersecurity innovations, especially encryption. In a new report, ITIF argued that restricting encryption would reduce the overall security of law-abiding citizens and businesses, make it more difficult for U.S. companies to compete in a global market, and be ineffective at keeping encryption out of the hands of criminals and terrorists.

“The most prominent voices in the encryption debate argue that we can have strong information security without sacrificing national security, or vice versa. But they are wrong. This is all about tradeoffs,” said Daniel Castro, ITIF vice president and the report’s lead author. “We can’t possibly know how much terrorism we might prevent by weakening encryption, but we can be sure that the economic and social costs of less secure information technology would be enormous. Today’s global economy is built on information technology. Rather than knocking holes in it, the government should be doing everything it can to fortify our digital infrastructure.”

In “Unlocking Encryption: Information Security and the Rule of Law,” Castro and co-author Alan McQuinn, an ITIF research assistant, outline how encryption has evolved over time, present the tradeoffs involved with different methods the government could use to gain access to encrypted data, and refute arguments for government restrictions on encryption.

The authors conclude that weakening encryption would not keep encryption out of the hands of determined criminals and terrorists, because it is readily available through open-source software or foreign providers.

The analysis finds that restricting encryption would instead lead to:

• Decreased security. While criminals and terrorists may take advantage of encryption, it is utterly essential for the broader digital economy and society. Limiting encryption exposes law-abiding citizens and organizations to more attacks on their data. In addition, it weakens security for the U.S. government, which relies on commercial information technology products.
• Decreased U.S. competitiveness. The U.S. government’s failure to reform many of its intelligence community’s surveillance programs has already damaged the competitiveness of the U.S. tech sector, costing it global market share. This trend will be exacerbated if the U.S. government imposes restrictions on commercial encryption.

Rather than place barriers on encryption, ITIF urges the U.S. government to rebuild trust and strengthen data security at home; provide law enforcement with new tools to uphold the law; establish clear rules for government hacking; and pursue a pro-cybersecurity foreign policy agenda.

“Unfortunately, we are seeing a repeat of the ‘crypto wars’ of the 1990s. U.S. efforts to limit encryption will undermine significant progress made in information security and give foreign competitors an advantage in global markets,” said Castro. “The U.S. government should not be limiting private sector innovations that would improve cybersecurity for millions of consumers and businesses. Instead, the United States should block any attempts to restrict encryption and champion strong encryption as part of a broader strategy for improving cybersecurity around the world.”

Read the executive summary.

Read the report.