As Apple and the Justice Department continue their war of words in the case to open an iPhone owned by one of the the San Bernardino shooters, Congress has been scurrying to find a legislative answer to balance security and privacy regarding encryption. Rep. Suzan DelBene, D-Wash., is one of the lawmakers trying to make things happen, issuing several bills that deal with the way the government handles digital security.
At South by Southwest, FedScoop sat down with Rep. DelBene to talk about the president’s comments on encryption, what security legislation could mean for U.S. tech businesses and the lack of technical expertise currently in Congress.
Editor’s note: The transcript has been edited for clarity and length.
FedScoop: So President Obama tried to take both sides with his comments on encryption but called for more dialogue to rise above the “fetishization of our phones.” What did you think of these remarks?
Rep. Suzan DelBene: I think it’s important that we have a dialogue and discussion about this. In that respect, I agree. I know that encryption is an important thing. I worked in encryption and it’s very important to protecting people’s information and for security. We have to always keep that in mind. Back doors in the system compromises that security. The question was phrased to him as “privacy versus security,” and clearly uses of personal privacy are important, but it’s also “security vs. security.” We don’t talk about that as much. I do think encryption is important to security, to information, to business information, to government information. He alluded to this a little bit — creating a back door that creates a hole for bad actors to take advantage of I think is extremely concerning. That’s why you can’t just say “we’re going to require there to be back doors.” I’m on legislation that would say we should not do that. That’s going to be the conversation going forward. Clearly, Apple has real concerns.
FS: Before President Obama spoke, Press Secretary Josh Earnest said the following at his daily press briefing: “I continue to be personally skeptical, more broadly … of Congress’ ability to handle such a complicated policy area, given Congress’ recent inability to handle simple things.” Does Congress need move faster on this matter?
SD: I think there are places where Congress hasn’t acted. In this particular area, there are some simple things we can do right away. Look at the Electronic Communications Privacy Act. President Obama talked about a warrant coming to access information. Well, we don’t have a warrant standard on all digital information. We have a pretty simple bill, the Email Privacy Act, that would say you need a warrant to access digital communications just like you need a warrant to access a piece of paper in your file drawer. It has over 300 co-sponsors in Congress. That’s pretty unheard of. So we all agree. We haven’t been allowed to vote on that legislation. I am hoping it will move forward, but that actually is a case of something that should be straightforward and easy to do, but we have been working hard in a bipartisan effort to move to legislation forward. The House Judiciary Committee chairman [Bob Goodlatte, R-Va.] said we might be able to move forward on that bill and bring it into committee. I’m hopeful that will move forward because I think it will pass with bipartisan support.
Fundamentally, there are laws that are very out of date with the way the world works today. We should be updating our laws. It’s hard to go back and look historically at our laws and say what the intent was. I’m pretty sure when folks were writing ECPA in 1986 they didn’t know the way the world was going to be today. I worked on email at 1989, and you could only send email inside your company. It wasn’t a consumer based system at this point. The world has changed a lot since then. The way that technology works has changed since then. Our law hasn’t changed in 30 years. Congress does need to be more responsible there. Even if an issue is complicated, that is not a reason why we shouldn’t require Congress to make a decision.
FS: So the rhetoric between Apple and DOJ has gotten heated in the lead-up to their court case. How was that taken away from the dialogue revolving around the issue?
SD: This isn’t about one particular case; it’s about creating a back door and the concern of having bad actors take advantage of that. I think the other thing that has been missed in this conversation is strong encryption technology exists around the world. So if you say that U.S. companies have to provide back doors, it’s not going to prevent bad actors from using technology from another part of the world where you won’t have a back door. You have to realize that technology is available around the world and one simple solution here can move the challenge and problem somewhere else. That part of the conversation needs to be considered.
FS: What about the notion that if legislation is passed, U.S. companies will be forced to move out of the country?
SD: Or what if you have to provide similar back doors to other governments in the world? Even if U.S. companies aren’t overseas, technology from other companies will be available. You can put encryption technology on top of your phone if your phone doesn’t have it. It’s not contained in that same way, the one particular phone, one device. I think that has to be discussed and brought into the conversation. At the same time, with the Internet of Things, we are going to have more and more devices with more and more data being exchanged. These are connected devices. You are going to want to make sure if you have autonomous, driverless cars that you can’t hack into it. Also your home security system, your thermostat. Security is going to be critically, critically important. We have to have that broad conversation.
FS: How do you account for the fact that technology evolves faster than the policy crafted around its use?
SD: Well, with bills like the Email Privacy Act, there is no reason why that shouldn’t have moved more quickly. It has strong bipartisan support, like it did in the last Congress. This is really about letting our legislative process move forward. This is one bill that’s bipartisan. We have an interesting opportunity to move forward on issues like privacy and cybersecurity, and on issues like these you get people to work across party lines. I think part of the discussion in this issue has been what role does Congress play and what role do the courts play? Congress should say, “Here’s where we think things should go in the world today,” and then courts can make decisions on individual decisions going forward, too. On things where we don’t have a warrant standard on information, we have confused the legislative intent.
FS: Given your background in tech, you have a good foundation to work from on these issues. That level of expertise is rare in Congress. How do you account for that so the policies regarding tech actually meet with how these devices function?
We have got to get folks up to speed. It will partly change over time because kids growing up today are growing up with technology in a different way from even my generation. I think we will see changes come naturally from that. As is true with any issue we deal with, we need people to be engaged and understand the depths of these issues. That’s why [Rep. Darrell Issa, R-Calif.,] and I set up the Internet of Things caucus to talk about where IoT is today, where it may be going and to be thoughtful about putting these policies together so that it does not inhibit innovation but also makes sure we are beginning to protect consumers in these issues. That has to be part of the work that we all do to educate folks.
The president asked for folks to get involved in the U.S. Digital Service; maybe that means we will get more tech folks interested in serving in different ways to facilitate this.
Contact the reporter on this story via email at firstname.lastname@example.org, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.