Despite Bluster, Push to Crack Encryption Faces Long Odds in Congress

Even critics of the tech industry aren’t quite sure how to guarantee government access to terrorist communications.

Senate Intelligence Committee Chairman Richard Burr talks with National Security Agency Director Adm. Michael Rogers on Capitol Hill on Sept. 24. (NSA)

Major tragedies have a way of shifting the legislative process into hyper speed. Congress passed the Patriot Act, for example, just a little more than a month after the Sept. 11 terrorist attacks. More recently, the House drafted and passed a bill to limit Syrian and Iraqi refugees just days after the terrorist attacks in Paris.

While the Paris attacks have also reignited a debate over encryption, congressional aides and cybersecurity experts doubt that attention will translate into action any time soon.

"I don’t see anything imminent,” one House aide familiar with the issue said. “The same mechanics that blocked a legislative path forward a month ago block it today.”

CIA Director John Brennan and Sens. Richard Burr and Dianne Feinstein, the bipartisan leaders of the Senate Intelligence Committee, all argued last week that encrypted services are empowering terrorists to evade surveillance. “I think the biggest threat today is the idea that terrorists can communicate in dark space, dark platforms, and we can't see what they're saying. … If you can't see what they're saying it is very difficult to stop it,” House Homeland Security Chairman Michael McCaul said on CBS’s Face the Nation on Sunday.

But any legislation to ensure the government can access encrypted communications would face fierce resistance from the technology industry. Companies like Apple, Google, and Facebook argue that a “backdoor” for the U.S. government could also be exploited by hackers or oppressive regimes, ultimately undermining trust in their services. And, they argue, it wouldn’t even help thwart attacks because terrorists would just switch to foreign services that could remain encrypted.

Jason Healey, a cybersecurity scholar at Columbia University’s School of International and Public Affairs, said that technology companies already feel burned by the scope of surveillance revealed by Edward Snowden. They would be a major obstacle to passing any legislation that would undermine encryption, he said.

“I would be very surprised if you see any significant action happening quickly,” Healey said. “It’s easy to pass a bill on refugees because they don’t have millions of dollar of lobbyists in there arguing for them.”

Burr, at least, doesn’t care much about pleasing the tech companies. “We don’t have a responsibility to sell their products. We have a responsibility to keep America safe,” Burr said at a press conference last week.

But even he and Feinstein acknowledge that encryption is a technologically complicated issue, and they are wary of moving too quickly. “I wouldn’t dare even remotely make you believe we’re on a legislative route. We’re on an exploratory route,” Burr said at the same press conference. No lawmaker has unveiled a bill yet that would mandate government access to encrypted communications.

“Look at both of us, look at our age,” the 59 year-old Burr said as he gestured towards the 82 year-old Feinstein. “This is a very difficult thing for us to understand because I won’t tell you that we are steeped in technology.” (Feinstein shot back: “Speak for yourself!”)

FBI Director James Comey has been warning about the risks of terrorists and criminals using encryption to “go dark” from surveillance for more than a year. But last month, after an extensive internal deliberation, the White House said it would not seek legislation to compel companies to provide access to their encrypted communications. White House aides have declined to revise that statement in the wake of the Paris attacks.

Sen. Ron Wyden, an Oregon Democrat and longtime privacy advocate, has been leading the charge in Congress against any effort to weaken encryption. “I am standing up against these dangerous proposals to ensure we act based on the facts, not fear, in the days ahead,” he wrote Monday in a blog post titled "Encryption Is Not the Enemy."

Reports in French media that the terrorists sent unencrypted text messages as they carried out their attacks have also sapped the security hawks of some of their momentum.

Jim Lewis, a senior fellow at the Center for Strategic and International Studies, argued that any solution will require coordination with other countries and the tech companies. “It’s been such a heated discussion, the temperature needs to go down, people need to take a deep breath,” he said.

He also noted that the competing jurisdictions of several congressional committees over the issue would mean a long road ahead on Capitol Hill. “If we start now, check back in three years,” he said.