Advertisement

On the Incommensurability of Laws and Technical Mechanisms: Or, What Cryptography Can’t Do

  • Joan FeigenbaumEmail author
  • Daniel J. Weitzner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11286)

Abstract

We examine several technology-policy debates in which technical and legal perspectives are so at odds that they approach incommensurability. Investigating the use of digital rights management systems in the online-copyright debate and the dispute over the impact of end-to-end encryption on lawful surveillance, we offer an analysis of the source of this incommensurability. In these two policy debates, both sides invoke the rule of law to support their position, but in each case they draw selectively from the constituent parts of the rule of law, resulting in seemingly irreconcilable differences. We show that the rule of law is actually composed of rules (susceptible to deterministic evaluation against a set of facts) and principles (expressing important values but not susceptible to purely formal evaluation). The clash between rules and principles exacerbates the difference in perspective between system designers, who favor formal rules, and policy makers, who are more comfortable with situational application of principles. Following our observation that the rules-principles gap makes for incommensurate debate between legal and technical actors, we identify steps that each discipline can take to move toward more coherent policy for the networked, digital environment.

Notes

Acknowledgements

Feigenbaum was supported in part by US National Science Foundation grants CNS-1407454 and CNS-1409599 and by the William and Flora Hewlett Foundation grant 2016-3834. Weitzner was supported in part by the William and Flora Hewlett Foundation grant 2014-1601.

References

  1. 1.
    Abelson, H., et al.: Keys under doormats: mandating insecurity by requiring government access to all data and communications. J. Cybersecur. 1, 69–79 (2015).  https://doi.org/10.1093/cybsec/tyv009CrossRefGoogle Scholar
  2. 2.
    An Open Letter from US Researchers in Cryptography and Information Security, 24 January 2014. masssurveillance.info
  3. 3.
    Barrett, D.: FBI repeatedly overstated encryption threat figures to congress, public. Washington Post, 22 May 2018Google Scholar
  4. 4.
    Carpenter v. United States, No. 16–402, 585 U.S. (2018)Google Scholar
  5. 5.
    Dworkin, R.: Taking Rights Seriously. Harvard University Press, Cambridge (1978)Google Scholar
  6. 6.
    Feigenbaum, J., Hendler, J., Jaggard, A., Weitzner, D.J., Wright, R.: Accountability and deterrence in online life. In: Proceedings of the 3rd International Web Science Conference. ACM, New York, June 2011. Article no. 7.  https://doi.org/10.1145/2527031.2527043
  7. 7.
    Frankle, J., Park, S., Shaar, D., Goldwasser, S., Weitzner, D.J.: Practical accountability of secret processes. In: Proceedings of the 27th Security Symposium. USENIX, Berkeley, August 2018Google Scholar
  8. 8.
    Hennessey, S., Wittes, B.: Apple is selling you a phone, not civil liberties. Lawfare, 18 February 2016. https://lawfareblog.com/apple-selling-you-phone-not-civil-liberties
  9. 9.
    In re Search of an Apple iPhone, 2016 WL 618401Google Scholar
  10. 10.
    Jackson, J.: Security expert seeks to make surveillance costly again. Computerworld, 7 November 2013. https://www.computerworld.com/article/2485721/data-security/security-expert-seeks-to-make-surveillance-costly-again.html
  11. 11.
    Kroll, J., Felten, E., Boneh, D.: Secure protocols for accountable warrant execution. Working paper. https://www.jkroll.com/papers/warrant_paper.pdf
  12. 12.
    Meisner, J.: Protecting customer data from government snooping. Microsoft Technet: The Official Microsoft Blog, 4 December 2013. https://blogs.technet.microsoft.com/microsoft_blog/2013/12/04/protecting-customer-data-from-government-snooping/
  13. 13.
    Pato, J., Paradesi, S., Jacobi, I., Shih, F., Wang, S.: Aintno: demonstration of information accountability on the web. In: Proceedings of the 3rd International Conference on Privacy, Security, Risk, and Trust and 3rd International Conference on Social Computing, pp. 1072–1080. IEEE Computer Society, Los Alamitos, October 2011Google Scholar
  14. 14.
    Prevelakis, V., Spinellis, D.: The Athens affair. IEEE Spectr. 44(7), 26–33 (2007).  https://doi.org/10.1109/MSPEC.2007.376605CrossRefGoogle Scholar
  15. 15.
    Rozenshtein, A.J.: Surveillance intermediaries. Stan. Law Rev. 70, 99–189 (2018)Google Scholar
  16. 16.
    Rogaway, P.: The moral character of cryptographic work. Cryptology ePrint Archive, Report 2015/1162 (2015). https://eprint.iacr.org/2015/1162
  17. 17.
    Smith v. Maryland, 442 U.S. 735 (1979)Google Scholar
  18. 18.
    United States v. Carpenter, 819 F.3d 880 (6th Cir. 2016)Google Scholar
  19. 19.
    United States v. Jones, 565 U.S. 400 (2012)Google Scholar
  20. 20.
    Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.: Information accountability. Commun. ACM 51(6), 82–89 (2008).  https://doi.org/10.1145/1349026.1349043CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Computer Science DepartmentYale UniversityNew HavenUSA
  2. 2.Internet Policy Research InitiativeMassachusetts Institute of TechnologyCambridgeUSA

Personalised recommendations