What It Means to Have an ‘Adult’ Conversation on Encryption – Pacific Standard

In 2017, we need to move past the debate over backdoors.

By Kevin Bankston

Since last summer, Federal Bureau of Investigation Director James Comey has been signaling his intent to make 2017 the year we have an adult conversation about encryption technologys impact on law enforcement investigations. Hes probably going to get his wish, but if a new report from leaders in Congress is any indication, its not going to be the conversation he wants. Rather, as that new report from the House working group investigating the encryption issue recognizes, having the adult conversation about encryption means talking about how law enforcement can adapt to a world where encryption is more common, rather than wrongheadedly forcing the technology to adapt to law enforcements needs.

To Comey, being adult about encryption apparently means agreeing with his conclusion that the existence of unbreakable encryptionfor example, the full-disk encryption that protects your iPhone against anyone who doesnt have your passcode, or the end-to-end encryption that protects your iMessages and Whatsapp texts as they cross the Internetposes an unacceptable threat to law and order. Being an adult, to Comey, means accepting the argument that technology companies should design their products to ensure that the government can access any data it needs in an investigation, whether by building (in the words of his opponents) a backdoor into strongly encrypted products, or by not deploying that encryption in the first place. Being an adult, to Comey, means supporting efforts to legally require tech companies to ensure government access, if they wont do it voluntarily.

When Comey insists that we havent yet had the adult conversation on this issue, hes insulting everyone who has disagreed with himwhich is almost everyone whos voiced an opinion on the subject, that disagreement flowing in an endless stream of expert white papers (issued by adult institutions like the Massachusetts Institute of Technology and Harvard University), editorials, coalition letters, Congressional testimony, National Academies of Sciences proceedings, and more.

Ever since this latest debate over encryption was first sparked in the fall of 2014, when Apple announced that new iPhones would be completely encrypted by defaulta debate that peaked with last years court fight between Apple and the FBI over the locked iPhone of one of the San Bernardino shootersthe clear consensus among experts has been that any kind of mandate on companies to weaken their products security to ensure government access to encrypted data would be devastating to cybersecurity and to the international competitiveness of United States tech companies. It would also be futile, since U.S. companies dont have a monopoly on the technology, making it trivial for bad guys to obtain strong encryption products, no matter what Congress does. It is these exact same arguments that won the day in the Crypto Wars of the 90s when a similar policy debate over encryption arose.

Importantly, its not just privacy advocates and privacy-minded tech experts making these arguments. Opposition to backdoors has been voiced by leaders from the national security and law enforcement establishmentall of them indisputably adults!such as former National Security Agency director and director of National Intelligence Mike McConnell, former NSA and Central Intelligence Agency Director Michael Hayden, former Department of Homeland Security Secretary Michael Chertoff, andin agreement with his fellow members in President Barack Obamas handpicked Review Group on Intelligence and Communications Technologiesformer CIA Director Michael Morrell. And thats just the Michaels! The list of expert adults that have disagreed with Comey at this point is staggeringly long.

Despite that broad consensus, Senators Richard Burr and Dianne Feinstein floated draft legislation last year that would broadly require any provider of any encrypted product or service to be able to produce any encrypted data on demand. Although that bill was almost universally panned at the time, Comey is probably hoping that similar legislation will have a better chance this yearespecially if he has the support of a new attorney general and a new president that appear to share his views, rather than being held back by an Obama administration that chose not to pursue a legislative solution. (Notably, the fact that the Trump administration seems likely to support backdoors is all the more ironic and hypocritical considering the report that high-level Trump aidesalong with key staff for Hillary Clinton, Obama, and many other political figuresare now using the end-to-end encrypted messaging application Signal for fear of being hacked.)

Still, Comey likely will not get his wish, because the long list of people who disagree with him just got longer: As Congress was preparing to depart for its winter holiday, a House Congressional working group tasked with examining the issue of encryption technologys impact on law enforcement issued a year-end report that signaled a major shift in the crypto debate. The working group, established in May as a collaboration between members of the House Judiciary Committee and the House Energy & Commerce Committee, had spent many months meeting with law enforcement, the intelligence community, privacy advocates, security experts, and tech companies, to help guide its bipartisan investigation. The report, signed off on by 10 House members including the top Republican and top Democrat on each of the two investigating committees, came to an unequivocal conclusion: Congress should not weaken this vital technology because doing so works against the national interest, but should instead work to help law enforcement find new ways to adapt to the changing technological landscape.

In particular, the reports authors arrived at four observations, echoing the arguments of Comeys prior opponents: Weakening encryption goes against the national interest because it would damage cybersecurity and the tech economy; encryption is widely available and often open source, such that U.S. legislation would not prevent bad actors from using the technology; there is no one-size-fits-all fix for the challenges that encryption poses for law enforcement; and that greater cooperation and communication between companies and law enforcement will be important going forward and should be encouraged. As next steps, they suggest further investigation into avenues other than backdoors that can help address the challenges that encryption poses to government investigators, including working to ensure that all levels of law enforcement have the information and technical capacity they need to make full use of the wide variety of data that is available to them even without backdoors.

In other words, the key committees in the House that have jurisdiction over the encryption issue have sent a clear signal to Comey, and to his allies in the Senate like Feinstein and Burr: Sorry, but the House is definitely not interested in legislating to require backdoors. How else can we help you? Though news of the report was somewhat buried due to the holiday timing, that signal has now been heard loud and clear across Washington, D.C. The House does not want to waste any more time on childish bickering over backdoors that essentially everyone but the FBI agrees are a bad idea. In 2017, it wants to have the adult conversation that moves beyond backdoors.

Lets hope Comey is listening.

See the article here:
What It Means to Have an 'Adult' Conversation on Encryption - Pacific Standard