A leading congressional opponent of strong encryption signaled on Wednesday that he would push for legislation requiring tech companies to help the government bypass their products’ security.
Sen. Richard Burr (R-N.C.), the chairman of the Senate Intelligence Committee, wrote in a Wall Street Journal op-ed that strong, end-to-end encryption—which even device manufacturers and service providers like Apple and Google cannot break—poses a growing threat to national security, because criminals and terrorists can use it to hide their conversations from investigators.
Burr wrote that he and others in Congress wanted to work with tech companies to find a voluntary solution to his concerns, but, he added, “we fear they may balk.”
Echoing Apple’s comments from a recent court filing in a phone-unlocking case, Burr agreed that encryption is “a matter for Congress to decide.”
He pointed to the Communications Assistance for Law Enforcement Act (CALEA), a 1994 statute that requires phone companies to ensure that they can comply with government wiretap requests. A 2004 FCC reinterpretation of the law declared that it also applied to Internet service providers, like Comcast or Time Warner Cable, but it still excludes “edge providers” like Apple and Google, which offer encrypted devices and services that use the Internet but do not sell Internet access itself.
“Technology has outpaced the law,” Burr wrote. “The core statute, [CALEA], was enacted in 1994, more than a decade before the iPhone existed.”
“The time has come,” he argued, “for Congress and technology companies to discuss how encryption—encoding messages to protect their content—is enabling murderers, pedophiles, drug dealers and, increasingly, terrorists.”
Since the Paris and San Bernardino terrorist attacks, Burr and other lawmakers, along with some senior intelligence officials, have pushed the argument that encryption makes America less safe because it prevents spies and cops from seeing everything that terrorists and criminals are saying. They want tech companies to add “backdoors” to their encryption so that investigators can bypass it.
Technical experts point out that encryption backdoors inevitably make technology products less secure; there is no such thing, they warn, as a key that only a “good guy” can use. Furthermore, if U.S. tech companies faced a backdoor mandate, they may lose business to foreign firms that could boast of having stronger encryption. Terrorists and criminals would simply begin using those foreign products, thus continuing to evade law-enforcement scrutiny.
Attempts to “undermine or to create exceptions to what is increasingly the trend to encrypting communications end to end are misguided,” Michael Chertoff, a former Secretary of Homeland Security, told the Washington Post.
In this latest phase of a decades-long battle over encryption, committee chairmen have announced plans for congressional investigations, Burr and his Democratic counterpart are drafting legislation to “pierce” encryption, and the White House remains on the sidelines, thus far refusing to clarify its stance on the issue.
Despite the outcry from privacy activists and security engineers, Burr, one of the loudest voices on the anti-encryption side, isn’t backing down. “It’s time,” he wrote in his op-ed, “to update the law.”
Photo via C_osett/Flickr (PD)