The widespread use of encryption is making it increasingly difficult for the government to catch gangsters, child predators, and terrorists, a top Justice Department official warned Monday at a technology-policy conference.
“The Department of Justice is completely committed to seeking and obtaining judicial authorization for electronic evidence collection in all appropriate circumstances,” Leslie Caldwell, the head of the Justice Department’s Criminal Division, said in a speech to the State of the Net Conference. “But once that authorization is obtained, we need to be able to act on it if we are to keep our communities safe and our country secure.”
But just minutes after Caldwell finished her speech, another top Obama appointee took the stage at the Newseum in Washington, D.C. to deliver almost the exact opposite message to the audience of tech-industry insiders: Encryption helps protect consumers from hackers, argued Terrell McSweeny, a Democratic member of the Federal Trade Commission.
“As a person charged with thinking about consumer protection, I deeply worry about things like mandatory backdoors,” McSweeny said. “We need to be very mindful of consumer data security, and we should be very, very careful about anything that undermines that data security.”
The comments are just the latest example of top Obama administration officials offering conflicting views on how to address the growing use of encryption, which can thwart both law enforcement agents and criminals from gaining access to sensitive data.
FBI Director James Comey ignited the debate over encryption with a speech in 2014, in which he warned that criminals are increasingly “going dark” from government surveillance.
The FTC is an independent agency, so McSweeny isn’t required to be in lockstep with the FBI or any other part of the executive branch. The commission regulates consumer-protection issues, including privacy and data security. But McSweeny is not the only official to express concerns with policies that could weaken encryption.
Even National Security Agency Director Mike Rogers said last week that “encryption is foundational to our future” and that undermining encryption could lead to more massive hacks, like the breach of millions of federal records at the Office of Personnel Management, which was allegedly conducted by Chinese hackers. “Spending time arguing about, ‘Hey, encryption is bad and we have got to do something about it’—that is a waste of time to me,” Rogers said in a discussion at the Atlantic Council.
As the head of the NSA, Rogers has competing interests when it comes to cybersecurity. Strong “end-to-end” encryption, in which messages are inaccessible even to the tech companies transmitting the data, makes it harder for the NSA to conduct surveillance. But the NSA’s mission is also to protect U.S. networks from foreign hackers—a job that’s made easier by stronger security measures.
That tension between ensuring legal government access to data while keeping out hackers is at the heart of the administration’s conflicted approach to encryption. Most technology experts warn that any “backdoor” for government access can, at least in theory, also be exploited by hackers.
After a lengthy internal deliberation, the White House concluded last year that it would not ask Congress to pass legislation ensuring government access to encrypted data. Instead, the White House is focused on working with tech companies to try to find some other voluntary solution to address the issue. Senior administration officials, including White House Chief of Staff Denis McDonough, met with CEOs of major tech companies in San Jose, California earlier this month to discuss encryption (among other issues).
But the White House’s decision hasn’t settled the debate in Congress. Senate Intelligence Committee Chairman Richard Burr and ranking member Dianne Feinstein are working on legislation to force tech companies to comply with court orders for data. Sen. Mark Warner, a Virginia Democrat, and House Homeland Security Chairman Michael McCaul, a Texas Republican, want to take a more cautious approach and create a commission to study the issue more thoroughly.
For the proponents of government access to data, the terrorist attacks last year in Paris and San Bernardino added even more urgency to the debate. Speaking at Monday’s tech conference, the Justice Department’s Caldwell said that a shooter in Garland, Texas last year sent more than 100 text messages to an overseas terrorist.
“We have no idea what he said because it was encrypted,” she said. “That is a big problem. We have to grapple with it.”