Top security and law enforcement officials are pushing Congress to continue fighting for some sort of encryption legislation that would grant access to secured systems in the event of a criminal investigation.
“We now find ourselves at what is a complete impasse [in the encryption debate], and it is time I urge for congress to step in and break that impasse,” Former Assistant Attorney General for National Security Kenneth Wainstein told a Senate Armed Services Committee, or SASC, hearing Thursday.
“While I fully appreciate the validity of concerns by the tech companies, I do not believe that that is the end of the discussion,” he added.
Weinstein, along with former NSA Deputy Director Chris Inglis and Manhattan District Attorney Cyrus Vance, Jr., spoke before lawmakers in an effort to restart negotiations concerning so-called “backdoors” and other workarounds to encryption. This Senate committee launched effort — largely led by veteran Sen. John McCain, R-Ariz., and comprised of members from both sides of the aisle — aims to formalize definitive encryption policy in the future.
The panel members’ opinions were noticeably one-sided, in favor of regulating encryption in order to give law enforcement access as they need it.
During the hearing, McCain repeatedly criticized his colleagues from the Senate for not mandating that data from encrypted communication services be accessible to law enforcement during an investigation.
McCain said continued inaction effectively protects child pornographers and human traffickers. He vowed to subpoena tech company executives — specifically naming Apple CEO Tim Cook — if they continue to refuse attendance in follow-up hearings.
According to Vance, the number of unaccessible electronic devices captured by law enforcement grows by the day. He said that in his New York office alone, there are encrypted smartphones carrying evidence related to a range of crimes from murder to child abuse.
“It seems to me that there are some in the technology community who have come to the conclusion that the inability to find a path to victims — in the cases I describe — is simply collateral damage,” Vance testified.
Inglis and Vance both said technology exists that wouldn’t “weaken” protection and yet could help law enforcement close cases.
“I think there are systems that we can develop which provide appropriate security … and at the same time deliver appropriate access to the government where it needs that.”
Inglis left the door open to the development of security absent of encryption, but his statements also directly contradict what many security experts and privacy advocates fundamental believe an encrypted product is designed to do.
“There are no technical systems that can be developed that guarantee ‘appropriate security’ for the user, while also guaranteeing regulated access to law enforcement only,” Gustaf Bjorksten, Chief Technologist at Access Now, said in response to the hearing through an email to FedScoop.
“Weakening the encryption of applications with backdoors allows for the possibility of criminals and foreign powers utilizing the same mechanism to access the sensitive user communications. In this digital age, any mandating of backdoors in encryption applications will harm the privacy of users, erode confidence in online transactions, and fail to achieve the results touted by law enforcement,” Bjorksten wrote.
Whether a U.S. company’s cybersecurity apparatus is strong enough to fend of attacks without broad encryption technologies is, at least until today, an internal decision — but the panel, in step with McCain, is advocating for a working partnership between the private and public sector on such choices.
Notably, the McCain-led SASC hearing comes more than seven months after Senate Select Committee on Intelligence leaders Sen. Dianne Feinstein, D-Calif., and Sen. Richard Burr, R-N.C., attempted to introduce legislation that would have compelled private tech companies to grant access to encrypted data if a court order is presented.
The Feinstein-Burr bill came shortly after a terrorist attack on American soil that left 14 people dead in San Bernardino, Calif.
Silicon Valley subsequently denounced the proposal, calling the move an attack on consumer privacy. At the moment, the Intelligence Committee bill is frozen — having never been introduced for a vote.
A Feinstein spokesperson told McClatchy DC that no decisions has been made concerning whether the Senator will move forward with the proposal — “staff continue to consult” on the matter.
To contact the reporter on this story: send an email via email@example.com or follow him on Twitter at @Bing_Chris. Subscribe to the Daily Scoop to get all the federal IT news you need in your inbox every morning at fdscp.com/sign-me-on