Congress should create a national commission to investigate the difficulties encryption has created for law enforcement, a bipartisan pair of lawmakers argued Monday in a Washington Post op-ed.
“Congress must be proactive and should officially convene a body of experts representing all of the interests at stake so we can evaluate and improve America’s security posture as technology — and our adversaries — evolve,” said House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.).
It’s an idea that McCaul first floated several weeks ago, after terrorist attacks in Paris and San Bernardino, Calif.
The deadly incidents have given new urgency to a long-running debate over encryption. Lawmakers and investigators said they believe the people behind those incidents used encrypted communication to hide their plans.
“This presents an extraordinary security challenge for the United States and our allies,” McCaul and Warner said. “Because extremists are ‘going dark,’ law enforcement officials warn that we are ‘going blind’ in our efforts to track them.”
Officials looking into the Paris attacks said they have definitive evidence the terrorists used the popular encrypted apps Telegram and WhatsApp to help plan the assault that killed 130 people.
“Frustratingly, there are no easy answers,” said McCaul and Warner. “The same tools that terrorists and criminals are using to hide their nefarious activities are those that everyday Americans rely on to safely shop online, communicate with friends and family, and run their businesses.”
For some, the answer is legislation. Senate Intelligence Committee Chairman Richard Burr (R-N.C.) has called for a law that would require companies to decrypt data upon government request. But the tech community is balking at that, arguing that such a mandate would defeat the purpose of encryption.
Major tech players including Apple have even refused to comply with court orders to turn over encrypted data, arguing that they can’t access information secured by their own products. Only this type of inaccessible encryption truly protects data from hackers, technologists insist.
McCaul and Warner agreed with this assessment.
“Encryption is a bedrock of global commerce, and it has helped enhance individual privacy immeasurably,” they said. “It is also integral to our cybersecurity efforts — protecting individuals, U.S. businesses, intellectual property and our nation’s critical infrastructure.”
Yet because this same uncrackable technology is also used to hide nefarious activities, “digital innovations present us with a paradox,” they added.
A bill that would require companies to maintain a guaranteed entry point into their encrypted data would backfire, McCaul and Warner cautioned.
“Such a law could weaken Internet privacy for everyone and could have the unintended consequence of making our information systems more vulnerable to attack,” the pair said. “Moreover, in our globalized world, a U.S.-only solution would likely have only a limited impact and could encourage offenders to simply use technology developed overseas instead.”
But Congress must act, they said, suggesting a national commission of all relevant parties is the right step forward.
“We are seeking the brightest minds from the technology sector, the legal world, computer science and cryptography, academia, civil liberties and privacy advocates, law enforcement and intelligence to collaboratively explore the intersection of technology and security,” the duo said.
McCaul and Warner explained the group would be tasked with “generating much-needed data and developing a range of actionable recommendations that can protect privacy and public safety.”
The effort may have momentum in Congress. Several Capitol Hill leaders have appeared hesitant to back Burr’s legislative efforts. McCaul and Warner’s alternative may be more palatable to lawmakers and the tech community.
“We cannot wait for the next attack before we outline our options,” they said.