Proposed crypto commission needs supermajority for report

A bipartisan, bicameral pair of lawmakers Monday published the eagerly-awaited text of their bill setting up a national commission on encryption to resolve the conflicts being played out in the Apple versus FBI case.

The bill, co-sponsored by Rep. Michael McCaul, R-Texas, and Sen. Mark Warner, D-Va., would create a 16-strong National Commission on Security and Technology Challenges, with each party appointing eight members. A supermajority of 12 would be required to approve a subpoena — and to sign off on the commission’s final report on the impact, role and future of digital encryption in the U.S., due after one year.

Each party would appoint one member to the commission to focus on each of the following topics: cryptography; global commerce and economics; federal law enforcement; state and local law enforcement; consumer-facing technology sector; enterprise technology sector; intelligence community; and privacy and civil liberties community. One of those, chosen by the GOP House speaker and Senate majority leader, will be the chairman. Another, picked by the Democratic minority leaders in both chambers, will be a vice chairman. Additionally, the president will appoint another member in an “ex officio capacity” who will not vote.

The chairman and vice chairman would have to agree on the appointment and pay of an executive director and “other necessary staff.” The bill enjoins federal agencies and departments to “cooperate expeditiously” in getting security clearances for commission members and their staff. The staff could include “detailees, experts, and consultants,” according to a fact sheet, and the commission could accept voluntary and uncompensated services.

According to the factsheet, the commission would be required, in its report to Congress after one year, to assess:

• The issue of multiple security interests (public safety, privacy, national security, and communications and data protection) both now and in 10 years.
• The economic and commercial value of cryptography and digital security and communications technology.
• The benefits of cryptography and digital security and communications technology to national security and crime prevention.
• The role of cryptography and digital security and communications technology in protecting the privacy and civil liberties of Americans.
• The effects the use of cryptography and other digital security and communications technology has on law enforcement and counterterrorism.
• The costs of weakening cryptography and digital security and communications technology standards.
• International laws, standards, and practices for legal access to communications and data protected by cryptography and digital security and communications technology.

Commissioners would be expected to produce recommendations on:

• Methods to take advantage of the benefits of digital security and communications technology while mitigating the risk of abuse by bad actors.
• The tools, training, and resources that could be utilized by law enforcement and national security agencies to adapt to the new digital landscape.
• Cooperation between the government and private sector to work together to impede terrorists’ use of digital security and communications technology to mobilize, facilitate, and carry out attacks.
• Any revisions to current law regarding wiretaps and warrants for digital data, while preserving privacy and market competitiveness.
• Proposed changes to procedures for obtaining warrants to increase efficiency and cost effectiveness for the government, tech companies, and service providers.
• Steps the U.S. can take to lead the development of international standards for digital evidence for criminal investigations, including reforming the mutual legal assistance treaty process.

Encryption has risen to the national spotlight in recent weeks after the FBI and Apple went toe-to-toe in a court battle over unlocking the encrypted iPhone of San Bernardino terrorism suspect Syed Rizwan Farook. The FBI obtained his phone in December 2015 but has been unsuccessful in attempts to bypass its security and access its contents. A federal judge ordered Apple to create special custom software to bypass the security features, what many refer to as a backdoor. Apple, however, has refused to cooperate.

Experts, like retired four-star Air Force Gen. Michael Hayden, the former director of NSA, have been calling on Congress to resolve the dispute, but the future of any legislative fix is murky.

Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., the chairman and vice-chair respectively of the Senate Select Committee on Intelligence, have promised a bill requiring companies to create a way that they can grant court-mandated access for law enforcement to their encrypted products. They compare the requirement to that on telephone network operators who have to provide a facility for wiretaps.

The bill has yet to materialize (congressional sources told FedScoop to expect a March publication date), but when it does, it likely faces a hugely uphill battle in Congress, where the tech industry, which largely sides with Apple, has many supporters.

“The issue of ‘going dark’ has driven a wedge between law enforcement and our nation’s leading innovators,” the lawmakers wrote in a one-pager on the proposed commission. “But we must stop shouting past each other and start talking with each other. Americans have heard too much bluster and too little substance, and so far Washington has failed to bridge the divide.”

TechDirt first reported this story, and posted the leaked versions of the documents that we link to.