Alan Z. Rozenshtein (University of Minnesota Law School) has posted Wicked Crypto (9 UC Irvine Law Review (Forthcoming)) on SSRN. Here is the abstract:
Encryption safeguards our digital and physical selves. But when encryption impedes law-enforcement investigations, it can undermine public safety. Can we design a system such that our data is secure against malicious actors while simultaneously accessible to the government pursuant to lawful process?
This article, prepared for the UC Irvine Law Review's symposium on gender, equality, and technology, tries to advance the debate over government access to encrypted data. First, it explains that, although government access to encrypted data is publicly framed as primarily a national-security issue, its biggest public-safety effects are on state and local criminal investigations. Second, drawing on planning and public-administration theory, this article argues that government access to encrypted data is best conceptualized as a “wicked problem”: one where the goals are unclear, the information is incomplete, and the solutions are always provisional. Third, it applies the wicked-problem framework to generate a set of lessons and policy proposals, including: embracing partial solutions like government hacking of encrypted devices, while recognizing the drawbacks and limitations of such approaches; developing policies to generate knowledge about the problem in both the public and private sectors, and creating institutional and legal contexts that promote cooperation rather than antagonism between the government and the technology community.