Senate Democratic leaders announced their own proposals Monday to fight ISIS, including legislation to direct the National Academy of Sciences and intelligence agencies to work with the private sector to “identify how encryption technology is used and how to make sure that our national security needs and technology policies are not working at cross-purposes.”
The bills follow a speech on terrorism Sunday night by President Obama in which he said he will “urge high-tech and law-enforcement leaders to make it harder for terrorists to use technology to escape from justice.” Democratic presidential candidate Hillary Clinton also said Sunday that tech companies should get to work “disrupting” ISIS.
FBI Director James Comey first gave a high-profile speech last year warning that criminals and terrorists are increasingly using encryption to “go dark” from surveillance. His push for broader surveillance powers had seemingly sputtered out, but the attacks in Paris and San Bernardino have put the issue back on the front burner in Washington.
The tech industry and privacy advocates are fiercely opposed to any legislation to weaken encryption. A backdoor for the government would be a huge cybersecurity risk because it could also be exploited by malicious hackers, they warn.
“It’s the widely held consensus of countless computer scientists, technology companies, and national security experts that it is impossible to build a backdoor into encrypted products without compromising cybersecurity and privacy,” said Neema Singh Guliani, a legislative counsel for the American Civil Liberties Union. “We don’t need yet another commission to conclude … that the U.S. government shouldn’t support policies that weaken encryption.”
If Congress does move ahead with a commission to study the issue, she said, its recommendations wouldn’t be “credible” unless it includes privacy experts and technologists.
While the lawmakers are scrambling to find a way to ensure the government can spy on terrorist communications, they also seem sensitive to the concerns from the tech industry. McCaul was careful Monday to emphasize that he does not want to “vilify” encryption. “A legislative knee-jerk reaction could weaken Internet protections and privacy for everyday Americans, while doing nothing puts American lives at risk and makes it easier for terrorists and criminals to escape justice,” he said.
The debate over encryption stretches back to at least the 1990s, with the first round of the so-called “Crypto Wars.” And despite plenty of debate, no one has been able to find a proposal that satisfies both sides. “At the end of the day, you can't stop someone from doing math or creating cryptography,” said Mark Jaycox, a legislative analyst for the Electronic Frontier Foundation.