Passado, presente e futuro da criptografia forte: Desenvolvimento tecnológico e regulação

Abstract

Recent episodes of WhatsApp blocking in Brazil and the standoff between Apple and the FBI in the United States portray a scenario of clash between nation-states and private companies that use "strong encryption" - encryption that does not provide a mechanism for law enforcement access even when due legal process was observed. Based on an analysis of the specialized literature, this article shows how it came to this point and what regulatory issues are at stake. First, it maps the history of the so-called "crypto wars" in the United States and in Brazil. Next, it analyzes if and when there is a legal duty applicable to private entities to build communication and data storage systems that are susceptible to breaches of confidentiality, whenever due process is followed. Finally, it discusses policy issues at the heart of the debates on strong encryption: the potential effects on public safety and the 'exceptional access' proposal. The article presents two conclusions. First, that the putative legal duty applicable to technology and internet companies of having the ability to breach secrecy is not evident in the current legal framework. Second, that, in the current state of the art, the balance of risks, costs and benefits of strong encryption recommend the unimpeded preservation of this technology.