National Academies of Sciences, Engineering, and Medicine committee tackles data privacy and national security

Seny Kamara, a computer scientist at Brown, is part of a committee that will explore the tradeoffs between data privacy, encryption, national security and law enforcement.

PROVIDENCE, R.I. [Brown University] — Privacy advocates see the increasing use of encryption to protect online communications from hackers and unlawful surveillance as an unequivocally good thing. But it raises concerns among law enforcement and intelligence agencies that they might not be able to access information even when they have the legal authority to do so, which might hinder their ability to sniff out terrorist plots and uncover and prosecute criminal activity.

The National Academies of Sciences, Engineering, and Medicine has formed a committee of experts from industry, law enforcement, government and academia to study the interplay between these perspectives. The goal is to explore the range of options for protecting online privacy while still enabling access—within a legal framework—to data.

Seny Kamara, an associate professor of computer science at Brown and an expert in data security and cryptography, is one of the participants in that committee. The group held its first set of meetings last week and is working toward a report next year.

Kamara discussed the committee and his role in it.

Could you offer some context about the state of encryption?

Encryption is widespread today and its use is expanding. For example, we have technologies like disk encryption. If someone steals your laptop or phone, they can’t access the data without your password. Even if they remove the hard drive, the information on it is encrypted and can’t be accessed. That can make it hard for law enforcement to access information. We saw that in the San Bernardino shooting. The FBI wanted access to the shooter’s phone, but they couldn’t get in without the shooter’s password. Apple would have had to change their operating system to enable that kind of access, and they argued that doing so would weaken privacy for their users, so they refused. That was one high-profile instance where privacy and national security butted heads because of encryption. There are going to be more.

Email and other forms of communication like instant messaging are also an issue. For services like Gmail, the information is encrypted as it travels to and from Google’s servers. As it is now, there are decrypted versions of those emails that exist on those servers. So if a law enforcement agency were to get a warrant, Google could turn over information. But if we move toward end-to-end encryption, where messages are encrypted every step of the way, not even Google would be able to decrypt that text. So in that case a warrant wouldn’t matter.

These are the kinds of issues the committee will be discussing.

What are the goals of the committee?

What the committee is tasked with doing is to think about this problem and to explore whether there are scientifically sound options for giving law enforcement and intelligence agencies access to certain data in the context of an investigation while still maintaining the security and privacy of the public. To do that, the committee brings together people from law enforcement and intelligence as well as legal scholars, people from industry and academic researchers.

What is your role?

My role, along with several others, is to give the computer science research perspective on this. My research focuses on data security and cryptography, so that’s the perspective I can offer. We will be considering various options for addressing this problem and trying to understand the fundamental risks and costs to law enforcement, the intelligence community, to industry and to privacy.

What made you want to be a part of the committee?

I think the main thing for me is that these are really important questions that will impact our lives for the foreseeable future. When we go to Google and type a search, those are our most private thoughts going directly into Google’s servers. The messages we send to our friends and loved ones expose our vulnerabilities. So I think how we manage the tradeoff between privacy and national security is one of the big questions of our time. Getting the opportunity to participate in the discussion is very important to me. I think informing public debates like this is a truly important part of our jobs as academics and scholars.