Congress wades into encryption debate with bill to create expert panel


Congress wades into encryption debate with bill to create expert panel

WASHINGTON — Growing concern about terrorists’ use of encrypted communication is spurring Congress to act, but the first major piece of legislation is taking a cautious approach as lawmakers grapple with how to spy on suspected criminals without weakening cybersecurity and privacy.

House Homeland Security Committee Chairman Michael McCaul, R-Texas, and Sen. Mark Warner, D-Va., who serves on the Intelligence Committee, are set to brief reporters this week on a bill that would create a national commission on security and technology to come up with creative ways to solve the problem. The panel would be made up of civil liberty and privacy advocates, law enforcement and intelligence officials, professors, lawyers, tech executives, and computer science and cryptography experts.

Despite calls from some lawmakers to do so, the bill would not mandate that tech companies build “backdoors” into encrypted cellphones or Internet sites to give law enforcement access to digital communication. The U.S. tech industry strongly opposes such mandates.

“We cannot wait for the next attack before we outline our options, nor should we legislate out of fear,” McCaul and Warner wrote in a recent op-ed in the Washington Post. “Instead, Congress must be proactive and should officially convene a body of experts representing all of the interests at stake so we can evaluate and improve America’s security posture as technology — and our adversaries — evolve.”

Last month, law enforcement officials confirmed that the terrorists who struck Paris in November used encrypted apps to coordinate their attacks. The apps they used were not created by American tech companies.

Islamic State leaders have distributed a 32-page manual of tips for how their followers can conceal their messages by using encrypted devices and apps, McCaul and Warner wrote. They said similar tactics are used by drug traffickers and child predators.

Sen. Dianne Feinstein, D-Calif., vowed last month to introduce legislation with Senate Intelligence Committee Chairman Richard Burr, R-N.C., to require companies to provide encrypted data with a court order. Companies such as Apple and Google are currently unable to provide data from their most strongly encrypted cellphones and other electronic devices because the data cannot be accessed by anyone other than the user.

“I’m going to seek legislation if nobody else is,” Feinstein said during a Senate Judiciary Committee hearing last month. “I think this world is really changing in terms of people wanting the protection and wanting law enforcement, if there is conspiracy going on over the Internet, that that encryption ought to be able to be pierced.”

FBI Director James Comey said at the same hearing that he believes companies should be able to comply with court orders to provide communications between suspected terrorists or other criminals. However, he stopped short of saying that Congress should pass a law mandating that companies do so.

Representatives of the U.S. tech industry said that mandating backdoors into encrypted communication would compromise cybersecurity by allowing hackers to gain entry as well.

“A backdoor for the good guys is a backdoor for the bad guys too,” said Adora Jenkins, senior vice president of external affairs at the Information Technology Industry Council, which represents companies such as Facebook, Google, Twitter, Microsoft, Visa, and Samsung.

The council welcomed the idea of a national commission to bring all sides together.

“We think it’s the right way to go about discussing the challenges that law enforcement and technology companies are facing,” said Andy Halataei, the group’s senior vice president of governmental affairs. “In order for this to work, you have to have everybody in the room that has a stake in this issue. You really have to get the technologists and civil libertarians and law enforcement in the room together to talk about what is technically feasible.”

McCaul and Warner said there are no easy answers.

“The same tools that terrorists and criminals are using to hide their nefarious activities are those that everyday Americans rely on to safely shop online, communicate with friends and family, and run their businesses,” they wrote. “We are no longer simply weighing the costs and benefits of privacy vs. security but rather security vs. security.”

Tech Companies and Civil Liberties Groups Force Obama To Weigh In On Encryption Debate


Tech Companies and Civil Liberties Groups Force Obama To Weigh In On Encryption Debate

President Obama will now be forced to publicly describe the extent of his commitment to protecting strong encryption, after nearly 50 major technology companies, human rights groups, and civil liberties collectives—including Twitter, the ACLU, and Reddit — succeeded in getting over 100,000 signatures on a White House petition on Tuesday.

The government’s “We the People” platform, created in 2011, was designed as “a clear and easy way for the American people to petition their government.” Once a petition gains 100,000 signatures, it is guaranteed a response.

The petition demands that Obama “publicly affirm your support for strong encryption” and “reject any law, policy, or mandate that would undermine our security.”

FBI director James Comey has been preaching about the dangers of end-to-end encryption for the past year, saying it blocks law enforcement from monitoring communications involving criminals and terrorists. He’s asked for special access into encrypted communications — a “back door” or “front door.”

However, technologists and privacy advocates insist that any hole in encryption for law enforcement can be exploited by hackers.

Comey testified earlier this month before the Senate Homeland Security and Governmental Affairs Committee that the White House was not seeking legislation to force companies to build backdoors into their products—at least not yet.

However, top intelligence community lawyer Robert S. Litt wrote in a leaked e-mail obtained by the Washington Post that public opinion could change “in the event of a terrorist attack or criminal event” where encryption stopped law enforcement from detecting the threat. He recommended “keeping our options open for such a situation.”

Now, the White House will have to speak for itself.

“More than 100,000 users have now spoken up to ask the Administration to make a strong statement in support of data security – no back doors, no golden keys, no exceptional access,” said Amie Stepanovich, the U.S. Policy Manager for digital rights group Access Now, one of the founding organizations of the petition along with the Electronic Frontier Foundation. “We thank those who have stood with us and look forward to President Obama’s response.”