A place to exchange ideas and perspectives, promoting a thriving innovation economy through public policy
641 Discussions

Intel's Position on Encryption Policy

0 0 965
By Steven R. Rodgers, Senior Vice President & General Counsel

Intel believes governments should not weaken the security of technology.   On the current policy discussions of whether governments should be able to access the content of encrypted communications, Intel has the following perspective. 

  • Encryption is fundamental to the global economy

  • The law does not, and should not, mandate companies to include backdoors

  • Encryption must not be architected with backdoors

  • Government mandates on the design of technology are likely to impede needed innovation

  • Finding a path forward requires collaboration between industry and law enforcement

Intel is a leader in security

Intel has invested billions of dollars in the development of security technology.  Our Intel Security business has the mission of understanding cybersecurity risks and delivering global scale solutions to address them.  We also integrate security into the design process for all of our technologies. Intel has long had a policy that we do not participate in any efforts to decrease security in technology and do not design backdoors for access into our products. During the height of the cryptography policy debate in the late 1990s, Intel strongly supported the use of encryption.  That approach is still the best public policy option. Governments should pursue strengthening the security of technology, while looking for other methods to combat terrorism and prosecute crime. 

Encryption is fundamental to the global economy

Encryption is a fundamental building block of the global economy. Encryption allows users to communicate and store information securely and confidentially. Every sector of our economy relies on robust encryption technology to protect against unauthorized access to sensitive information. Intel's customers demand hardware and software products that deliver strong encryption.  As new products such as wearable and connected home technologies become more popular, encryption will become even more important to protecting individuals. 

Encryption must not be architected with backdoors 

Any backdoors built into encryption would undermine the technology’s value, not to mention individuals’ security.   Every backdoor created is another weakness for hackers to exploit. Likewise, a requirement that PCs, mobile phones, or other computing devices contain built-in vulnerabilities is an open invitation for bad actors around the world to target our digital infrastructure.

What’s more, mandated backdoors would do little to address the national security concerns raised by criminals’ use of encrypted communications platforms. While the U.S. is certainly a leader in technologies using encryption, we do not have a monopoly in the area and cannot control innovation beyond our borders.  If U.S. companies are forced to include access points for law enforcement, criminals and terrorists will attempt to exploit them while pursuing others that are developed elsewhere and are readily available in the U.S.   Encryption is just the implementation of math, and is readily available globally.  Attempting to regulate encryption in the U.S. will make U.S. technology less secure, while terrorists and criminals will use strong encryption developed elsewhere. 

Why the law does not, and should not, mandate companies to include backdoors 

The debate over law enforcement’s access to encrypted communications is not a new development. In 1994 Congress weighed in on the issue when it passed the Communications Assistance for Law Enforcement Act (CALEA). Acknowledging law enforcement’s legitimate interest in accessing certain digital telephone conversations, CALEA requires certain private sector service providers to build in surveillance capabilities that can be used by law enforcement to intercept encrypted communications. Importantly, however, Congress stopped short of requiring that these providers decrypt or otherwise undermine the security measures on their customers’ personal devices.

The choice between intercepting data traveling over a network and accessing data stored on a personal device was the result of many months of reasoned debate and deliberation by Congress. Even in 1994, Congress was well aware of the issues at play.  The end result was a deliberate decision to preserve the right of private companies to innovate and deploy the highest standards of security on their products.

Despite this fact, the U.S. Department of Justice and the FBI have attempted to expand their authorities, using the courts in an attempt to apply 18th century law in a 21st century context. The All Writs Act was enacted in Congress’s very first session and was meant as a judicial catch-all to compel certain actions where no existing law or statute would apply. While such “gap-filling” jurisdictional authority is properly reserved for those rare instances where Congress has not yet engaged, it is entirely inappropriate to invoke this authority when Congress has clearly spoken on an issue, as it did in CALEA.

Government mandates on the design of technology are likely to impede needed innovation 

Intel is opposed to government mandates attempting to force companies to weaken the security of their technology and dictate how technology should be developed. Technology mandates are likely to chill innovation, hurt the economy, and in this case weaken security. The technology industry is fast-moving and depends on rapid innovation to meet customer requirements and address constantly evolving cybersecurity risks.  Further, U.S. government attempts to mandate the design of technology will decrease the ability of U.S. companies to resist similar attempts by other governments, potentially decreasing U.S. company access to certain markets and thereby hurting the U.S. economy.

In addition, these country-specific requirements put at risk the model of developing the best technology possible and deploying those innovations globally. The result will increase complexity, frustrate interoperability and likely weaken security. Governments should send a strong message globally that mandates on the design of commercial technology are bad public policy.

Finding a path forward requires collaboration between industry and law enforcement 

Law enforcement and national security agencies have critical missions. Intel respects and is grateful for the tireless work of the public servants who further law enforcement and protect national security. Intel and other technology companies have a long history of responding to lawful demands for information from government agencies.

However, continued focus and analysis on government regulation of encryption takes focus away from the possibilities of working with industry to effectively combat terrorism and criminal organizations. Instead of continuing to argue over backdoors in encryption or commercial technology design mandates, government and industry should invest in dialogue on how to provide privacy and foster innovation, while fighting crime and terrorism.  Intel will continue to work to further that discussion.