Undermining Encryption Not an Option, House Judiciary Chair Pledges
A bipartisan committee report that urged strong encryption will be the committee’s starting point this year, Rep. Bob Goodlatte said.
The House Judiciary Committee wants to help police track terrorists and criminals who hide using encrypted communication tools this Congress, but undermining encryption is a nonstarter, Chairman Bob Goodlatte, R-Va., said Wednesday.
A bipartisan joint report from the Judiciary and Energy and Commerce committees in December urged against any legislative effort to weaken the encryption that protects internet activity from prying eyes but endorsed various workarounds to help the FBI and police officers track terrorists and criminals.
Those workarounds include examining unencrypted metadata from suspect communications, such as sender and recipient information, and improving law enforcement’s hacking abilities to exploit weaknesses in encryption and its implementation.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
That report will be the Judiciary Committee’s starting point on encryption this Congress, Goodlatte said during an event outlining committee priorities.
“This is an exceedingly difficult problem to address because it’s not privacy vs. security, but it’s privacy and security,” Goodlatte said, adding, “it’s clear that more security, not less, is needed to make sure that people and businesses are protected.”
The pledge came during a lengthy discussion that dealt with immigration and patent reform among other topics.
Federal officials led by FBI Director James Comey have urged Congress to give law enforcement special access, with a warrant, to end-to-end encrypted communication systems, which shield communications even from the company that hosts the communication.
Those systems allow terrorists to “go dark,” Comey has warned.
The issue surged to popular attention last year when the FBI tried to compel Apple to help unlock an encrypted iPhone used by San Bernardino shooter Syed Farook. The FBI dropped that demand after an unnamed third party helped the FBI bypass the security code feature at issue.
Senate Intelligence Chairman Richard Burr, R-N.C., and then-ranking member Sen. Dianne Feinstein, D-Calif., floated but never introduced legislation that would have compelled tech companies to assist law enforcement during similar situations if presented with a warrant.
Emails and Warrants
Goodlatte also pledged Wednesday to renew a push to require warrants for law enforcement access to all emails including old ones.
The 1980s-era Electronic Communications Privacy Act currently allows the Justice Department and other agencies to access emails and other digital communications that are more than 180 days old with only a subpoena.
Legislation to require a warrant for those emails passed the House unanimously last year, but did not reach the Senate floor. That legislation, sponsored by Rep. Kevin Yoder, R-Kan., will be the Judiciary Committee’s starting point this year, Goodlatte said.
The committee will also “explore solutions to govern law enforcement’s access to data stored overseas,” Goodlatte said, though he did not provide details.
Microsoft is currently sparring with the Justice Department over whether ECPA requires the tech giant to turn over customer emails stored in a data center in Dublin. The Justice Department lost the most recent round of that fight at the U.S. Court of Appeals for the Second Circuit and may appeal to the Supreme Court.
Section 702
Goodlatte also pledged Wednesday to renew Section 702 of the Foreign Intelligence Surveillance Act, a controversial spying power that will expire at the end of 2017. Section 702 grants the National Security Agency broad powers to gather digital information about foreigners. The scope of the law was exposed by leaker Edward Snowden.
Congress only succeeded at the last minute in reauthorizing another broad spying authority, Section 215 of the Patriot Act, in 2015. The USA Freedom Act authorized a pared down version of the law, which allows bulk collection of metadata, a few days after the authority expired.