Is Congress All Bark and No Bite on Encryption?

Senate Intelligence Committee Chairman Richard Burr talks with National Security Agency Director Adm. Michael Rogers on Capitol Hill on Sept. 24.

Senate Intelligence Committee Chairman Richard Burr talks with National Security Agency Director Adm. Michael Rogers on Capitol Hill on Sept. 24. Pablo Martinez Monsivais/AP

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Stay Ahead of the Latest Threats with Intelligence-driven Security Operations
Presented By Google Cloud
Download Now
Strengthening cloud security for federal agencies
Presented By Wiz
Download Now
Brendan Sasso By Brendan Sasso,
National Journal

By Brendan Sasso,
National Journal

|

Even critics of the tech industry aren’t quite sure how to guarantee government access to terrorist communications.

Major tra­gedies have a way of shift­ing the le­gis­lat­ive pro­cess in­to hy­per speed. Con­gress passed the Pat­ri­ot Act, for ex­ample, just a little more than a month after the Sept. 11 ter­ror­ist at­tacks. More re­cently, the House draf­ted and passed a bill to lim­it Syr­i­an and Ir­aqi refugees just days after the ter­ror­ist at­tacks in Par­is.  

While the Par­is at­tacks have also re­ignited a de­bate over en­cryp­tion, con­gres­sion­al aides and cy­ber­se­cur­ity ex­perts doubt that at­ten­tion will trans­late in­to ac­tion any time soon.

“I don’t see any­thing im­min­ent,” one House aide fa­mil­i­ar with the is­sue said. “The same mech­an­ics that blocked a le­gis­lat­ive path for­ward a month ago block it today.”

CIA Dir­ect­or John Bren­nan and Sens. Richard Burr and Di­anne Fein­stein, the bi­par­tis­an lead­ers of the Sen­ate In­tel­li­gence Com­mit­tee, all ar­gued last week that en­cryp­ted ser­vices are em­power­ing ter­ror­ists to evade sur­veil­lance.

“I think the biggest threat today is the idea that ter­ror­ists can com­mu­nic­ate in dark space, dark plat­forms, and we can’t see what they’re say­ing. … If you can’t see what they’re say­ing it is very dif­fi­cult to stop it,” House Home­land Se­cur­ity Chair­man Mi­chael Mc­Caul said on CBS’s Face the Na­tion on Sunday.

But any le­gis­la­tion to en­sure the gov­ern­ment can ac­cess en­cryp­ted com­mu­nic­a­tions would face fierce res­ist­ance from the tech­no­logy in­dustry. Com­pan­ies like Apple, Google, and Face­book ar­gue that a “back­door” for the U.S. gov­ern­ment could also be ex­ploited by hack­ers or op­press­ive re­gimes, ul­ti­mately un­der­min­ing trust in their ser­vices. And, they ar­gue, it wouldn’t even help thwart at­tacks be­cause ter­ror­ists would just switch to for­eign ser­vices that could re­main en­cryp­ted.

Jason Healey, a cy­ber­se­cur­ity schol­ar at Columbia Uni­versity’s School of In­ter­na­tion­al and Pub­lic Af­fairs, said that tech­no­logy com­pan­ies already feel burned by the scope of sur­veil­lance re­vealed by Ed­ward Snowden. They would be a ma­jor obstacle to passing any le­gis­la­tion that would un­der­mine en­cryp­tion, he said.

“I would be very sur­prised if you see any sig­ni­fic­ant ac­tion hap­pen­ing quickly,” Healey said. “It’s easy to pass a bill on refugees be­cause they don’t have mil­lions of dol­lar of lob­by­ists in there ar­guing for them.”

Burr, at least, doesn’t care much about pleas­ing the tech com­pan­ies. “We don’t have a re­spons­ib­il­ity to sell their products. We have a re­spons­ib­il­ity to keep Amer­ica safe,” Burr said at a press con­fer­ence last week.

But even he and Fein­stein ac­know­ledge that en­cryp­tion is a tech­no­lo­gic­ally com­plic­ated is­sue, and they are wary of mov­ing too quickly.

“I wouldn’t dare even re­motely make you be­lieve we’re on a le­gis­lat­ive route. We’re on an ex­plor­at­ory route,” Burr said at the same press con­fer­ence. No law­maker has un­veiled a bill yet that would man­date gov­ern­ment ac­cess to en­cryp­ted com­mu­nic­a­tions.

“Look at both of us, look at our age,” the 59 year-old Burr said as he ges­tured to­ward the 82 year-old Fein­stein. “This is a very dif­fi­cult thing for us to un­der­stand be­cause I won’t tell you that we are steeped in tech­no­logy.” (Fein­stein shot back: “Speak for your­self!”)

FBI Dir­ect­or James Comey has been warn­ing about the risks of ter­ror­ists and crim­in­als us­ing en­cryp­tion to “go dark” from sur­veil­lance for more than a year. But last month, after an ex­tens­ive in­tern­al de­lib­er­a­tion, the White House said it would not seek le­gis­la­tion to com­pel com­pan­ies to provide ac­cess to their en­cryp­ted com­mu­nic­a­tions. White House aides have de­clined to re­vise that state­ment in the wake of the Par­is at­tacks.

Sen. Ron Wyden, an Ore­gon Demo­crat and long­time pri­vacy ad­voc­ate, has been lead­ing the charge in Con­gress against any ef­fort to weak­en en­cryp­tion.

“I am stand­ing up against these dan­ger­ous pro­pos­als to en­sure we act based on the facts, not fear, in the days ahead,” he wrote Monday in a blog post titled “En­cryp­tion Is Not the En­emy.”

Re­ports in French me­dia that the ter­ror­ists sent un­en­cryp­ted text mes­sages as they car­ried out their at­tacks have also sapped the se­cur­ity hawks of some of their mo­mentum.

Jim Lewis, a seni­or fel­low at the Cen­ter for Stra­tegic and In­ter­na­tion­al Stud­ies, ar­gued that any solu­tion will re­quire co­ordin­a­tion with oth­er coun­tries and the tech com­pan­ies.

“It’s been such a heated dis­cus­sion, the tem­per­at­ure needs to go down, people need to take a deep breath,” he said.

He also noted that the com­pet­ing jur­is­dic­tions of sev­er­al con­gres­sion­al com­mit­tees over the is­sue would mean a long road ahead on Cap­it­ol Hill.

“If we start now, check back in three years,” he said.

NEXT STORY: New 'Playbook' Details What It's Like to Work with 18F