Anybody who believes in privacy has a new friend in Congress.
On Wednesday, a number of experts and members of Congress railed into the leadership of the Federal Bureau of Investigation and, by extension, FBI Director James Comey for his proposal to force American technology companies, like Apple and Google, to hamper their own encryption services. Comey is a strong proponent of so-called backdoors—widely derided by technologists and privacy advocates alike—or “golden keys” to unlock that encryption. In theory, they would only be available to law enforcement, but experts warn that, in practice, adding backdoors to encryption technologies, which are intended to keep out everyone but the intended senders and recipients, would compromise security for everyone.
This prompted a remarkable parade of outrage from the assembled experts—as fiery as anything you’ll see on C-SPAN—but nobody made more of a splash than Rep. Ted Lieu (D-Calif.), who told the FBI to “just follow the damn Constitution.”
The Daily Dot spoke with Lieu Thursday evening about why he opposes those backdoors, what he thinks of the NSA, and what we should do with people in power who lie to Congress.
You seemed to have left it all on the table on Wednesday, but is there anything else you’d like to say to people in power—notably FBI Director Comey—about the dangers of trying to impose encryption backdoors?
Rep. Ted Lieu: Yes. That it’s not only technologically unfeasible, but the problem with any backdoor is not even the technology, but that you’re dealing with human beings. For example, the NSA has probably one of the most secure facilities in the world. It also happens to have a lot of its secrets right out there in the public because of a human being. [Editor’s note: Snowden. He’s referring to National Security Agency leaker Edward Snowden.]
The notion that you’ll have a vast array of federal employees, and that every single one of them is going to be able to protect this golden encryption key, is simply not realistic. And once you put this weakness into a system, it will be exploited. To intentionally put in a technological backdoor, to me, is technologically naive.
You were in state office before anybody had heard of Snowden, but unlike most vocal NSA critics in Congress, your decision to run for U.S. Congress came after his leaks. And you cited both the NSA and the Fourth Amendment of the Constitution, the one that protects privacy, in your testimony Wednesday. Did you intentionally run to stick up for privacy in Congress?
Absolutely. In the California State Senate, I wrote a law with a Republican, Joel Anderson, that directed California officials to not cooperate with the NSA when it sought private and unconstitutional data unless they had an exception, like a specific warrant on that person.
When I did that law, it was before I had any idea that any congressional seat was going to open. I assumed my predecessor, Henry Waxman, was going to stay in Congress for many years—he was a living legend. So when Congressman Waxman announced his retirement, one of the reasons I did run, in addition to climate change, was to protect our Constitution. In fact, my very first campaign commercial was a TV ad basically saying the NSA should stop violating our privacy.
Do you, personally, use PGP or any other kind of encrypted communications?
What if I said that’s private?
I guess you’re welcome to say that.
Let me add one thing, though. Another thing I learned getting a computer science degree is computer code is simply a series of zeroes and ones. A computer cannot tell if a person typing on a keyboard is the FBI director or the leader of Hamas or a hacker. As long as that person has a golden encryption key, if that series of zeros and ones matches the code designed for a key, it’ll unlock all available data.
It seems the entire world of technologists considers this FBI proposal as very big and very bad, while the FBI seems to view it as a good, relatively small change. Is that fair? Is there an echo chamber in law enforcement and the intelligence community?
Yes. And it’s not a small change. Forcing a private-sector company to intentionally weaken their privacy systems is a major change, not only in that software, but in the whole relationship between the federal government and private sector companies.
What continues to strike me is a lot of law enforcement’s lack of self-recognition of how much overreach they’ve engaged in. A lack of self-reflection. At NSA, you’d think that, with various attempts in Congress to completely shut down the Patriot Act, that the NSA might show some sort of humbleness—say, ‘Ok maybe we want to work with you and stop overreaching.’
But they haven’t done that.
They just continue to keep asserting the same things over and over again. They just ask, ‘Is this protecting national security?,’ which is fundamentally the wrong thing to ask. The first thing to ask is, ‘Is this program constitutional?’
Because the way the government is set up, the oaths that all of us take—including those in law enforcement—is an oath to the Constitution, not an oath to a politcal party or to an agency mission. That means if a law enforcement tactic, or program, or policy is unconstitutional, they cannot implement it, no matter how effective it may be at catching bad guys.
It would weaken consumers’ privacy; but, in addition, it would be so completely defeated. So, for example, it would mean that an American company like Apple, making an iPhone, would have to stick in a technological backdoor. But a foreign manufacturer, like Samsung, wouldn’t. As a result, if you’re a terrorist, you just go, ‘Ah ha! I’m not using my Apple iPhone anymore! I’m using the Samsung phone!’
You told FBI leadership Wednesday that you ‘take great offense’ at their ‘naive’ testimony. Experts have accused the FBI of lying at that hearing. And previous intelligence officials, like Director of National Intelligence James Clapper talking about the NSA tracking American’s phone records, seem to have outright lied to Congress. Do you believe that government officials who intentionally lie about programs should be prosecuted for perjury?
Actions have consequences. And when the Director of National Intelligence lied to Congress? I was not in Congress at the time, but I saw it, I read about it, and it now affects me and how I view our intelligence agencies. And how I vote.
So, for example, I voted against cybersecurity-reform bills, even though they had many good provisions, because I’m unwilling to give any more information to the Director of National Intelligence when that person lied to Congress. And unless people suffer consequences for their actions, it sends a bad message to the American public.
Until our intelligence agencies start taking into account that they serve the American public and the Constitution, you’re going to get more and more adverse reactions to what they do.
But do you think intelligence officials who lie to Congress about programs should be tried for perjury?
I do not know why a federal employee, paid by taxpayers, who lied to congress, has not been brought up on charges. That’s not my call or decision to make, but I don’t really understand not only why a person who lied to Congress is not being brought up on charges, but why that person would remain in their current job.
Now, to change gears here a little—
Can I call you right back? Or, actually, can you wait 30 seconds while I vote, and I’ll come right back?
[Lieu goes silent for a short period. Senior adviser Jack d’Annibale told the Daily Dot after the interview that this was for Lieu to cast a ‘yes’ vote for the Van Hollen Mulvaney Amendment to the Military Construction Appropriation Act.]
Hello. Go ahead.
You seem to have this very strong and principled stance for digital privacy, but for a lack of a better way to put it, I don’t completely understand what drives that for you. Is it just a combination of your computer-science background and how you see it interacting with the Constitution? Where is this coming from?
Part of this is my computer-science background and knowing how technology can be exploited both for good uses and for completely horrible uses. It’s also the fact that I’ve been in government. You know, I was active in the Air Force, a former Air Force prosecutor, and I’ve seen the enormous coercive power of government.
So, for example, it’s true that Facebook collects a lot of private information on people. But it doesn’t have coercive power. The NSA does. The FBI does. Law enforcement agencies do. So, to me, there’s a huge distinction between a private-sector company that may know your private information versus the federal government knowing your private information, unless they have a specific warrant for you.
And part of it is also driven by my belief—it’s not even belief—that the first mission of any elected official, and any agency head, is to follow their oaths. Before you take office, you have to take an oath. That is, again, not an oath to a political party, agency, mission, or to doing a good job. It’s an oath to the Constitution of the United States. Which means the very first question to anything we do is, ‘Is this constitutional?’ Our whole system is designed to say, if it’s not Constitutional, you can’t do it.
And then, I just personally believe that privacy is going to be one of the defining civil-rights issues of the 21st century.
Photo via Ted Lieu/U.S. House of Representatives