Cybersecurity

Senators warn on encryption

digital key (Mott Jordan/Shutterstock.com) 

Law enforcement hawks on the Senate Judiciary Committee threatened tech companies with new rules for access to encrypted data.

At a Dec. 12 hearing, Sen. Lindsey Graham (R-S.C.), the panel's chairman, warned that the time had come for tech companies to work with law enforcement agencies to develop a way into encrypted devices and data through a warrant or face legislative action.

"This time next year, if we haven’t found a way that you can live with, we will impose our will on you," Graham said.

Graham's tough talk was echoed by Sen. Marsha Blackburn (R-Tenn.).

"We've slapped your hand enough. This is not going to continue," she said.

Tech company officials who testified at the hearing stressed the importance of encryption for user privacy and noted that Congress itself approved encrypted apps for use on lawmaker smartphones.

"Government officials and organizations of all kinds have recognized the immense importance of secure private communications," said Jay Sullivan, a product manager for Facebook's Messenger app, noting that the Senate approved the use of the encrypted messaging application Signal for staffers in 2017.

Platform owners and device makers cited familiar refrains on the technical hurdles they face in providing an encryption workaround for law enforcement that can't be exploited by criminal adversaries.

"We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in," said Erik Neuenschwander, Apple's manager of user privacy.

Neuenschwander said over the last seven years, his company has responded to almost 130,000 U.S. law enforcement agencies' requests for information, as well as supporting thousands of emergency requests, with the company responding within 20 minutes.

Sullivan told the committee that if the U.S. steps away from strong privacy and encryption, foreign app providers would fill the gap, complicating law enforcement's job even more.

Matt Tait, a cybersecurity fellow at the University of Texas and a former information security specialist for Britain's GCHQ, noted that companies walk a fine line when trying to serve customers seeking a secure product while being compliant with law enforcement requests. In the event of a new regulation from Congress mandating access to encrypted devices, Tait said, "you would see all of the tech companies looking for how they can build that in the most secure way possible."

But absent new rules, Tait noted, "it would be insane for any of these tech companies to build that kind of a solution because then they would be attacked by their competitors."

The question remains as to whether there is widespread support in Congress to require new rules. Sen. Chris Coons (D-Del.) noted that "there is a great enthusiasm for finding a solution that allows law enforcement timely, reasonable and affordable access to critical evidence of crime" among committee members at the hearing. "Frankly," he said later, "most of us are concerned about protecting the most vulnerable Americans."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


Featured

  • Veterans Affairs
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA health record go-live pushed back to July

    The Department of Veterans Affairs is delaying a planned initial deployment of its $16 billion electronic health record project by four months, but is promising added functionality at the go-live date.

  • Workforce
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    Esper says he didn't seek the authority to gut DOD unions

    Defense Secretary Mark Esper told lawmakers he was waiting for a staff analysis of a recent presidential memo before deciding whether to leverage new authority.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.