BSA | The Software Alliance is sharing the BSA Encryption Principles – an analytical tool for examining related legislation and policy proposals. With these principles, BSA aims to help lawmakers and other stakeholders find common ground in the encryption debate by addressing the needs and responsibilities of all sides.
“These principles offer a concrete step to help move the encryption discussion forward,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “We have to get this right. Encryption safeguards everything from our personal privacy to critical infrastructure, such as global transportation and financial systems, power grids and water supplies. At the same time, we need law enforcement to be able to stop criminals and terrorists so we can live in as safe and secure a world as possible. These principles are a lens through which any encryption proposal should be tested, so that all sides of the issue are considered.”
The Encryption Principles call on all sides of the encryption debate to work together constructively and evaluate any proposals in light of their effect on:
Improving data security: Providers of data services – storing, managing or transmitting personal or business data – must be permitted to use the best available technology to thwart attacks against that data or the entities and individuals who depend on those services.
Enhancing law enforcement and counter-terrorism capabilities: Law enforcement agencies, subject to appropriate privacy and civil liberties safeguards, should have access to the best available resources, information, and tools available to prevent and prosecute terrorist and criminal acts.
Promoting privacy: Individuals have a right to be secure in their public, private and commercial lives and interactions.
Protecting confidential government information: National, state and local agencies should ensure that the data they hold is secure against threats of domestic and foreign intrusion.
Encouraging innovation: Developers and providers of innovative data security tools should be free of government mandates on how to design technology products and tools for digital security.
Defending critical infrastructure: Providers of essential services, such as banking, health, electricity, water and other critical infrastructure providers, should be empowered to provide the best available security technologies to their users. Best practices should be widely shared.
Understanding the global impact: Criminal and terrorist acts are not limited by national borders, and laws and policies therefore must create consistency and clarity in all countries where security technologies are developed and used.
Increasing transparency: There should be full, transparent, and considered public dialogue before any legislative proposal concerning the future of technology mandates or encryption is adopted.