Foreseeable but Unintentional Consequences of the Encryption Debate

On 12 May 2016, at the ‘Inside the Dark Web’ conference held in New York, Black Chambers will weigh in on the long-lasting and largely undiscussed implications of the ongoing legal battles over encryption.

Taking center stage at the debate over whether encryption should be regulated on the device level, was the federal court repartee between the FBI and Apple. Much has been said about the merits of the arguments on both sides, but little has been discussed about the long-term unintentional consequence of weakening corporate defenses to malicious activity ongoing on the dark web. Our panel will address three components of this direct collision of law and information security.

First, we will first address the disposition of the FBI v. Apple legal battle. Two of our panel participants were intimately involved in the legal battle between 2600 Magazine and the MPAA (Universal Studios v. Reimerdes), being cited for the somewhat shaky proposition that source code should be protected by the First Amendment.

Second, our talk will delve into the often-overlooked State legislation that proposes to regulate encryption on mobile devices and elsewhere and the status of the UK's Investigatory Powers Bill. The focus on this portion will be on the breadth of the legislation, and possible negative effects on corporate security.

Finally, options for securing and protecting data using existing encryption products and services will be explored. Whether the FBI v. Apple legal battle and whether State or international legislation will impact such services will be assessed. Critically, however, this portion will focus on the policies and practices of cloud service providers, and the best options for a company to legally secure its own data, both from the prying eyes of malicious actors and from governmental or regulatory overreach.