Key lawmakers in both chambers on Monday proposed some of the first bills to address the use of encrypted communications in the wake of the terrorist attacks in Paris and San Bernardino.
The proposals from Senate Democrats and House Republicans wouldn’t mandate that the government have “backdoor” access to communications. Instead, the lawmakers are just proposing that the government and the tech industry work together to study the issue.
But even that tentative first step has privacy advocates nervous. “From my perspective, the idea is worrying,” said Chris Calabrese, the vice president for policy at the Center for Democracy and Technology, a digital-rights group. “Encryption is so foundational to the security of the Internet. Proposals to study backdoors seem like they will inevitably lead to some bad technical compromises.”
In a speech Monday, House Homeland Security Chairman Michael McCaul, a Texas Republican, said he plans to introduce legislation to create a “national commission on security and technology” that would issue recommendations to “protect privacy and public safety.” He said the commission would include members from law enforcement, as well as civil-liberties advocates, academics, and representatives from technology companies.
Senate Democratic leaders announced their own proposals Monday to fight ISIS, including legislation to direct the National Academy of Sciences and intelligence agencies to work with the private sector to “identify how encryption technology is used and how to make sure that our national security needs and technology policies are not working at cross-purposes.”
The bills follow a speech on terrorism Sunday night by President Obama in which he said he will “urge high-tech and law-enforcement leaders to make it harder for terrorists to use technology to escape from justice.” Democratic presidential candidate Hillary Clinton also said Sunday that tech companies should get to work “disrupting” ISIS.
FBI Director James Comey first gave a high-profile speech last year warning that criminals and terrorists are increasingly using encryption to “go dark” from surveillance. His push for broader surveillance powers had seemingly sputtered out, but the attacks in Paris and San Bernardino have put the issue back on the front burner in Washington.
The tech industry and privacy advocates are fiercely opposed to any legislation to weaken encryption. A backdoor for the government would be a huge cybersecurity risk because it could also be exploited by malicious hackers, they warn.
“It’s the widely held consensus of countless computer scientists, technology companies, and national security experts that it is impossible to build a backdoor into encrypted products without compromising cybersecurity and privacy,” said Neema Singh Guliani, a legislative counsel for the American Civil Liberties Union. “We don’t need yet another commission to conclude … that the U.S. government shouldn’t support policies that weaken encryption.”
If Congress does move ahead with a commission to study the issue, she said, its recommendations wouldn’t be “credible” unless it includes privacy experts and technologists.
While the lawmakers are scrambling to find a way to ensure the government can spy on terrorist communications, they also seem sensitive to the concerns from the tech industry. McCaul was careful Monday to emphasize that he does not want to “vilify” encryption. “A legislative knee-jerk reaction could weaken Internet protections and privacy for everyday Americans, while doing nothing puts American lives at risk and makes it easier for terrorists and criminals to escape justice,” he said.
The debate over encryption stretches back to at least the 1990s, with the first round of the so-called “Crypto Wars.” And despite plenty of debate, no one has been able to find a proposal that satisfies both sides. “At the end of the day, you can't stop someone from doing math or creating cryptography,” said Mark Jaycox, a legislative analyst for the Electronic Frontier Foundation.