The House Energy and Commerce Committee hosted representatives from the FBI, Apple, and other tech and law enforcement groups at an April 19 hearing in Washington to get a better grasp on how to best mitigate encryption and privacy rights in the face of fast-paced technological enhancements and pressing national security needs.
The ECC’s Oversight and Investigations Subcommittee Chairman Tim Murphy, R-Pa., acknowledged the dual narratives fueling the conversation. On the one hand, encryption allows for unilateral online protections, aegises that are important. On the other, those same safeguards, now often built into devices “by default,” allow terrorists and criminals the ability to communicate beyond the grasp of law enforcement, he said.
“And that is the crux of the recent debate,” Murphy said. “Therefore, while many of the arguments in the current debate may echo those of decades past, the circumstances have changed, and so too must the discussion.” Discourse must extend beyond San Bernardino, he said. “We can no longer be a battle between two sides, a choice between black and white. If we take that approach, the only outcome is that we all lose. This is a core issue, of public safety and ethics, and it requires a very thoughtful approach.”
Congresswoman Diana DeGette, D-Colo., lamented the “don’t do this” approach from the tech industry thus far, lobbying for insight as to what the government should do instead. “[The] discussion needs to include a dialogue about how to move forward,” she said. “I can’t believe this problem is intractable.”
That sentiment was echoed by FBI Executive Assistant Director for Science and Technology Amy Hess. While the agency believes in strong encryption, Hess described the increasingly difficult time law enforcement officials were having to “put the investigative puzzle together” due to sophisticated security tools built by default. The agency’s recent use of third-party groups to crack the San Bernardino culprits’ encrypted iPhone is not an ironclad solution going forward, Hess said. Instead, “We really need the cooperation … [of other industries] for help.”
New York City Police Department Chief Thomas Galati further argued that tech companies also need the input of law enforcement.
“I am confident that corporate CEOs do not hold themselves to the same public safety standards as our elected officials and law enforcement professionals,” he said. “The answer cannot be warrant-proof encryption.”
Apple General Counsel Bruce Sewell admitted that while some users of encrypted technology were subject to “law enforcement inquiries,” they represented “far less than one-tenth of one percent of our hundreds of millions of users.” However, if the tech industry was made to create a back door or special key, “100 percent of our users would be made more vulnerable.” He further challenged Galati’s earlier comment that Apple had an encryption access "key" until 19 months ago, stating that the company never had the access Galati described, nor had it offered source code to the Chinese government.
Continuing strong encryption practices is more than a mere matter of security, argued Amit Yoran of RSA. “This is a basic principle of economics,” he said. “Our standard of living depends on the goods and services we can produce. If we require exceptional access from U.S.-based companies that would make our information economy less secure, the market will go elsewhere.”
To allow U.S. encryption policies to atrophy would adversely affect a wide spectrum of American industries, and eventually our nation, he added.
The tech industry’s hands are tied, said Matthew Blaze, who first discovered vulnerabilities in the encryption-busting “Clipper Chip” in the early 1990s. Developing a secure tool that would both protect privacy and serve law enforcement needs is something beyond current technological capability.
“Unfortunately, we simply don’t know how to do that safely and securely at any scale and in general across the wide range of systems that exist today and that we depend on,” Blaze said. “It would be wonderful if we could.” It would solve a myriad of fundamental technological issues, he added. “The state of computer and network security today can really only be characterized as a national crisis.” If there was a silver bullet, “we would be deploying it with enormous enthusiasm.”
Both sides of the debate expressed gratitude to the other for at least meeting to discuss the issues at hand.
“For everyone who is calling on Congress to address this issue, here we are,” Murphy said.