A new crypto war is underway.
At a hearing in Washington, D.C., on Wednesday, the FBI endured outright hostility as both technical experts and members of Congress from both parties roundly criticized the law enforcement agency’s desire to place so-called backdoors into encryption technology.
Amy Hess, the FBI’s executive assistant director for science and technology, reiterated to the House Committee on Oversight & Government Reform the bureau’s decades-old fear of “going dark” because encryption will make criminal investigations more difficult.
“We’re certainly not going to go dark,” Rep. Jason Chaffetz (R-Utah) responded. “And in many ways we’ve never been brighter.”
“Creating a technological backdoor just for good guys is technologically stupid,” said Rep. Ted Lieu (D-Calif.), a Stanford University computer science graduate. “That’s just stupid.”
Lieu blamed the NSA’s vast surveillance apparatus, saying the agency “violated the Fourth Amendment rights of every American for years” and has caused a vast public reaction.
“Our founders understood that an Orwellian overreaching government is one of the most dangerous things this world could have,” Lieu said.
When asked if the FBI ever tracks Americans’ geolocation without a warrant, Hess reluctantly answered yes but declined to provide details to the public despite Chaffetz encouraging her to do so.
But, also, DOJ pretty clearly gets at least site/sector level geolocation data without a warrant.— Julian Sanchez (@normative) April 29, 2015
Hostility to Hess came from multiple angles, including from Rep. Blake Farenthold (R-Texas), who said he sees no practical way to implement the FBI’s proposal of encryption backdoors. He predicted other countries would become havens and provide strongly encrypted phones, creating a black market for encryption that would be difficult or impossible to control.
Farenthold asked the panel of witnesses if anyone thought it was possible to build a technically secure “golden key.” No one raised their hands.
Hess emphasized that the FBI “fully supports encryption” and even said it was good advice for people to encrypt cellphones. Hess echoed Massachusetts District Attorney Daniel Conley and Rep. Robin Kelly (D-Illinois), who said, “there is a balance to be struck here.”
The technical experts and almost every other congressperson didn’t think the balance proposed by the FBI was possible from technical, legal, and policy perspectives.
“I, for one, am not willing to give up every bit of privacy for security; so how do we find that balance?” Chaffetz asked. “It’s impossible to build a backdoor for just the good guys. I worry about unintentional vulnerabilities.”
Conley made the most colorful remarks of the day, including saying that he didn’t believe technical experts who said building backdoors is impossible.
“Did John Kennedy say we couldn’t go to the moon?” Conley asked. “He said no, we’re going to go because it’s the hard thing to do.”
“I’m a proud and patriotic American, too,” Farenthold responded. “But maybe the proper analogy would be if Kennedy said ‘We’re going to go the moon and no one else is ever going to go. Ever.’”
Conley cited upskirt photos, child pornography, and even the Boston Marathon bomber criminal case as reasons to forbid encryption without a backdoor, though he didn’t provide support in his brief remarks.
Leiu took exception to those remarks and said he was offended by Conley’s assertions. Conley then proposed that a backdoor be implemented on personal devices but corporate networks be allowed to keep strong encryption with no “golden keys.”
The state of computer security is “an emerging national crisis,” Matthew Blaze, a professor of information science at the University of Pennsylvania, said. And strong encryption is one of the few solutions in existence.
The FBI’s ideas would “weaken our infrastructure,” Blaze insisted. “The ultimate beneficiaries are criminals and rival nation states.”
“The FBI’s proposal to require encryption backdoors is a threat to fundamental human rights of privacy and free expression,” Carey Shenkman, a human rights and technology lawyer, told the Daily Dot. “That is the reason why free speech and privacy organizations around the world, including [United Nations] experts, adamantly say ‘no’ to backdoors.”
“Back doors also are counterproductive—they undermine our safety, because they put holes in systems that any attacker or hacker can exploit,” Shenkman added. “And, they make our businesses less competitive because other markets will not trust U.S. digital exports.”
Update 9:29am CT, April 30: Video of the hearing added.
Illustration by Max Fleishman