Lawmakers warn against weakening encryption
- By Sean D. Carberry
- Dec 21, 2016
A bipartisan congressional working group has concluded that any weakening of encryption to accommodate law enforcement threatens the national interest, but more must be done to meet the needs of law enforcement and intelligence agencies.
The 10-person Encryption Working Group, consisting of members of the House Judiciary and Energy and Commerce Committees, spent six months speaking with industry, law enforcement, civil society and other stakeholders about the ongoing debate over encryption and law enforcement for a report released Dec. 20.
The report doesn't propose a comprehensive solution to the conflict between security and privacy, but it does look to frame the debate.
One key premise of the report is that "Any measure that weakens encryption works against the national interest."
"Stakeholders from all perspectives acknowledged the importance of encryption to our personal, economic, and national security," the group wrote. "Representatives of the national security community told the group that strong encryption is vital to the national defense and to securing vital assets, such as critical infrastructure."
The group said that civil society and industry also stressed the importance of encryption for privacy, cybersecurity and free speech rights.
"Congress should not weaken this vital technology because doing so works against the national interest," the group wrote. "However, it should not ignore and must address the legitimate concerns of the law enforcement and intelligence communities." The group also urged Congress to "foster cooperation between the law enforcement community and technology companies."
Opponents of efforts to require tech vendors to build in law enforcement access to encrypted communications welcomed the report.
"We hope that this report sends a strong signal to Senators Burr and Feinstein and anyone else on Capitol Hill considering legislation that would undermine encryption: the House committees that have jurisdiction over this issue are not interested in moving forward with any wrongheaded backdoor bill," said Kevin Bankston, Director of New America's Open Technology Institute.
"The working group makes it clear that 'any measure weakening encryption works against the national interest,'” said Andy Halataei, senior vice president for global affairs at the Information Technology Industry Council. "They recognize there are no easy answers because of the trade-offs that would occur for the security and safety of Americans by placing restrictions or limitations on encryption."
The report comes at a time of growing uncertainty in the encryption debate, given a number of statements by President-elect Trump calling for the tech sector to provide back doors or other means for law enforcement agencies to access encrypted data to combat terrorism.
The group said that despite the need for strong encryption, the debate has to shift from a binary "pro-encryption versus law enforcement" approach and instead look for opportunities to collaborate and share information between industry and law enforcement.
"Failure to examine these ideas risks further entrenchment of the status quo and limits the potential for valuable cooperation between law enforcement, the intelligence community, and private industry," the report said.
The group stated that there is a significant technical knowledge and capabilities gap in law enforcement -- especially at the state and local level -- and that law enforcement does not make the best use of available unencrypted data.
"A number of stakeholders acknowledged the potential benefit of improving law enforcement's understanding of what data or information is available, who controls it, and how it could be useful to investigators," the report stated. "In particular, companies are often able to provide volumes of unencrypted metadata associated with their products or services."
The group concluded that Congress can play an important role in facilitating collaboration between industry and law enforcement and providing assistance to law enforcement "with respect to navigating the process of accessing information from private companies."
According to the group, Congress can also explore ways to maximize the use of metadata and provide clearer parameters for law enforcement about what metadata can be accessed and under what conditions.
The group also highlighted legal hacking as an area needing legislative clarity. "Committees might explore a legal framework under which law enforcement agencies can exploit existing flaws in digital products," the group wrote.
That would require addressing questions such as what authorities are needed to allow law enforcement to hack and law enforcement's responsibility to disclose vulnerabilities.
"This is a complex challenge that will take time, patience, and cooperation to resolve," the report concludes. "The potential consequences of inaction -- or overreaction -- are too important to allow historical or ideological perspectives to stand in the way of progress.
Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.