A leading Democratic senator will seek legislation requiring the ability to “pierce” through encryption. The potential bill would allow American law enforcement to read protected communications with a court order.
Sen. Dianne Feinstein (D-Calif.) told the Senate Judiciary Committee on Wednesday that she would seek a bill that would give police armed with a warrant based on probable cause the ability “to look into an encrypted Web.”
“I have concern about a PlayStation that my grandchildren might use,” she said, “and a predator getting on the other end, and talking to them, and it’s all encrypted. I think there really is reason to have the ability, with a court order, to be able to get into that.”
A spokesman for Feinstein’s office told the Daily Dot in an email that the senator has been working with Judiciary Committee Chairman Richard Burr (R-N.C.) on the issue of encryption and that Burr’s office is taking the lead on potential legislation.
“We understand that encryption is a very important part of being secure on the Internet. We also all care about public safety.”
The Federal Bureau of Investigation is actively warning America’s biggest technology companies about the “public safety and national security risks” of encryption, according to FBI Director James Comey.
Deadly terrorist attacks in Paris, San Bernardino, California, and elsewhere around the world have reignited a major U.S. debate about encryption. Feinstein cited Paris as a reason the debate against encryption had evolved so quickly. Despite these concerns, the attackers in both of Paris and San Bernardino did not use encryption to organize or execute the deadly strikes, according to authorities.
The lack of evidence showing that encrypted communications played a role in either the Paris attacks, which killed 129 people, or the San Bernardino shooting, which killed 14 people, has not deterred law enforcement, who believe the technology is making their job more difficult and Americans less safe.
Most Internet and gadget users encounter encryption without ever knowing it. The “HTTPS” connection that allows users to safely buy products on Amazon or access their bank account uses one category of encryption, while newer Apple iOS and Android devices apply strong encryption whenever a user locks her phone
“The tech companies and the FBI both care about safety on the Internet,” Comey told the Senate Judiciary committee in an FBI oversight hearing. “We understand that encryption is a very important part of being secure on the Internet. We also all care about public safety. We also see a collision course between those two things.”
“We see encryption is getting in the way of our ability to have court orders effective to gather information we need in our most important work. We all agree we have to figure out if we can maximize both those values, safety and security on the Internet and public safety. We’re not at war, we care about the same thing.”
Comey said that use of encryption by terrorists and criminals is growing. He offered one example.
Encryption played a significant role in the killing of two people during a shooting in Garland, Texas, earlier this year, Comey said. One of the shooters, Comey said, exchanged 109 encrypted messages with an “overseas terrorist.”
“We have no idea what was said because those messages were encrypted,” he explained. “To this day, I cannot tell you what he said with that terrorist, 109 times the morning of that attack. That is a big problem.”
Comey did not say what kind of encryption software was used in these communications. However, the fact that Comey knew the shooter spoke to an overseas terrorist means that metadata revealed the extensive communications.
Metadata is data surrounding communications that includes phone numbers, times of calls, and identities of callers, or the subject lines of emails. It’s unencrypted and relatively easy for law enforcement to collect.
Over the last two years, Comey has been one of the most prominent figures in the American debate over encryption, increasingly known as the new “Crypto Wars.” He’s consistently warned of terrorist and criminal communications “going dark,” which he says is a “continuing focus for the FBI.”
In response to recent terrorist attacks, President Barack Obama recently said he would “urge high-tech and law enforcement leaders to make it harder to use technology to escape from justice.” Many observers took that to be a comment about encryption.
Comey said on Wednesday that the Obama administration is still not seeking new encryption laws “at this time.” However, conversations are still ongoing.
“We will continue the productive conversations we are having with private industry, state, local, and tribal law enforcement, our foreign partners, and the American people,” Comey said.
Senator Mike Lee (R-Utah) issued rare pushback in the debate over encryption, implying that Comey’s idea essentially mandates that companies have to build their own “backdoors”—intentional weaknesses in the code—in encrypted products.
Lee added that such a rule wouldn’t end the “going dark” problem because foreign companies would not be subject to U.S. law and that individual users could build their own encrypted apps. Comey agreed, saying any solution to the problem has to be international.
“There’s no way we solve this entire problem,” Comey said. “Encryption is always going to be available to the sophisticated user. The problem is, post-Snowden, it’s moved to become default.”
Privacy advocates and technologists have long fought against the idea of a legally-mandated “backdoor” into encryption that would give the government the ability to read any encrypted message, with or without a court order.
“To this day, I cannot tell you what he said with that terrorist, 109 times the morning of that attack. That is a big problem.”
Objections vary, including that doing so would violate and chill free speech. Apple CEO Tim Cook, who has become a prominent encryption advocate, argues that any “backdoor” artificially added to encryption can be utilized by any hackers—not just law enforcement—from petty criminals to those backed by countries like China and Russia.
Comey countered that argument on Wednesday, insisting that the encryption debate is “not a technical issue” because “there are plenty of companies today who provide secure services to their customers and still comply with court orders.”
The FBI director explained his hopes for the encryption debate by saying that “government doesn’t want a backdoor.”
Instead, Comey said, “if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own what would be the best way to do that. The government shouldn’t be telling people how to operate their systems.”
When Comey argued that “encryption is part of terrorist tradecraft now,” he received a lot of pushback from online observers.
Matt Blaze, a security researcher who testified before Congress on this issue earlier this year, issued a reminder to Comey:
Crypto is also part of consumer tradecraft, business tradecraft, and critical infrastructure tradecraft. https://t.co/ppgjmmpxUk— matt blaze (@mattblaze) December 9, 2015
Update 11:41am CT, Dec. 9: Added comment from Feinstein’s spokesman.
Illustration by Max Fleishman