- Devin Nunes is suing Twitter over parody accounts of his mom, cow Monday 8:15 PM
- The best new movies at SXSW 2019 Monday 7:55 PM
- #AbledsAreWeird demonstrates how not to treat people with disabilities Monday 7:33 PM
- YouTubers keep uploading racist meme anthem played by New Zealand shooter Monday 5:38 PM
- Myspace confirms that a decade-plus of user-uploaded music is gone Monday 5:03 PM
- ‘Love, Death & Robots’ suffers from blatant sexism Monday 4:38 PM
- Khloe Kardashian faces backlash for Instagram post saying to ‘love thy racist neighbor’ Monday 4:07 PM
- This Twitter user wants to expose white YouTubers for racist, transphobic content Monday 3:55 PM
- Trump retweeted a QAnon supporter during his Twitter bender Monday 1:24 PM
- Katrina Pierson supports Trump tweeting more about Fox than New Zealand shooting Monday 1:19 PM
- PewDiePie’s alt-right ties are impossible to ignore Monday 1:05 PM
- With this blade, I protect this meme Monday 12:48 PM
- Lead actress in ‘The Color Purple’ revival criticized for homophobic post Monday 12:39 PM
- ‘Arrested Development’ ends the same way it did the first time—unceremoniously Monday 12:10 PM
- Alleged gunman tried to rob YouTuber Adam22 during livestream Monday 11:32 AM
Here’s what to expect from the high-profile witnesses at the House encryption hearing
The FBI and Apple will both be there, but they’ll be on separate panels.
The witness list for the hearing, released Thursday by the House Energy and Commerce Committee’s oversight subcommittee, reveals that the FBI has tapped its top technology official to lead a panel of police witnesses in the hearing’s first panel. Apple, meanwhile, will dispatch its top lawyer, a veteran of congressional technology hearings, to anchor the second panel, which is stocked with security experts.
The hearing comes on the heels of a bitter dispute between Apple and the Justice Department over access to the locked iPhone of one of the San Bernardino shooters. The government dropped its demand for a court order compelling Apple’s unlocking assistance when a third party presented it with another method.
That fight may be over, but the war continues. The government still wants Apple’s help unlocking another iPhone, this one in a drug case in New York, and it also secured an order for a phone in Massachusetts.
The rise of these iPhone court battles signals a new phase in a long-running debate over the role of encryption in public life. Government officials, arguing that criminals and terrorists are increasingly using encryption to mask their activities, want tech companies to design their encryption so that they comply with court orders seeking encrypted data. Technologists and privacy advocates reply that the only way to do this is to fundamentally undermine the encryption that protects Americans in their everyday lives.
The leaders of the Senate Intelligence Committee, Sens. Richard Burr (R-N.C.), and Dianne Feinstein (D-Calif.), have introduced a bill that would require companies to be able to decrypt their data in response to court-issued warrants.
No one has pressed the case for guaranteed-access schemes in encryption—which critics call “backdoors”—harder than FBI Director James Comey, who fielded questions from lawmakers about encryption and the San Bernardino fight at a March 1 House Judiciary Committee hearing.
But for next week’s hearing, Comey is sending Amy Hess, the head of the FBI’s Science and Technology Branch, which handles encryption, hacking, and computer crimes.
Hess last testified before Congress on April 29, 2015, making the case for a guaranteed-access mechanism in commercial encryption and sparring with skeptical House Oversight Committee Chairman Jason Chaffetz (R-Utah).
Joining Hess are three law-enforcement officials whose thoughts on encryption are less clear than the FBI’s stance.
Ron Hickman, the sheriff of Harris County, Texas, will testify on behalf of the National Sheriff’s Association. That group supported the Justice Department in the San Bernardino court fight, but Hickman’s comments about encryption at an April 11 encryption summit suggest that he is amenable to civil-liberties groups’ concerns.
“I think that when we provide perception to the public that we have some secret, backdoor kind of way to do things,” he said, “that trust is eroded.”
Hickman again used the term “backdoor,” which law-enforcement officials like Comey consider derogatory, on his Facebook page, describing the debate as one about whether the government should “compel technology companies to provide a ‘back door’ into systems and software.”
Even less is known about what the other two law-enforcement witnesses—Thomas Galati, chief of the New York Police Department’s intelligence division, and Charles Cohen, head of the Indiana Internet Crimes Against Children Task Force—think about encryption.
In a 2012 interview with Cohen on a website dedicated to forensics, the Indiana State Police captain said, “When a criminal can store electronic evidence or contraband in an encrypted container on a server physically located on another continent, investigators have to consider a paradigm shift in computer forensics.” But Cohen did not recommend any specific policy changes in response to the rising use of encryption.
An Internet search revealed no comments by Galati on the subject.
Apple General Counsel Bruce Sewell, representing the other side of the debate, is likely to reiterate many of the arguments he advanced at last month’s Judiciary hearing, where he warned that requiring companies to design their encryption to facilitate warrants would damage Apple’s ability to protect its users’ data and thus erode consumer trust.
Testifying alongside Sewell are three opponents of backdoors with very different backgrounds.
If there is an encryption rock star among these three experts, it is Matthew Blaze, an associate professor of computer science at the University of Pennsylvania. In 1994, Blaze discovered a serious security flaw in the Clipper chip, a National Security Agency device that the Clinton administration wanted tech companies to place in their products to let the government decrypt their communications.
Blaze’s discovery effectively killed the Clipper chip and ended the first phase of the so-called “crypto wars.” Now, he’s back to fight that war all over again. He has savagely attacked the Burr–Feinstein encryption bill, lending his credibility to the coordinated pushback against the legislation by calling it “worse than Clipper.”
Joining Blaze will be Daniel Weitzner, the director of the MIT Internet Policy Engineering Initiative. Weitzner previously advised President Obama on tech issues as Deputy Chief Technology Officer for Internet Policy. He helped write a 1997 report that was sharply critical of key escrow, an approach to backdoors that involves maintaining one-size-fits-all decryption keys.
“The credentials, the keys, other tools that you need to break into a communication are going to be spread out very widely,” Weitzner told the Daily Dot last July, “and all someone has to do is steal those or impersonate the person who is authorized to use the backdoor.”
It is the fourth witness on the security panel who has provoked the most intrigue among privacy advocates awaiting the hearing. Amit Yoran, the president of security firm RSA, now a division of the EMC Corporation, will have to walk a fine line as he analyzes the security risks of requiring companies to use backdoored encryption.
In the mid-2000s, the NSA paid RSA $10 million to adopt a random-number generator called Dual Elliptic Curve as the central algorithm in its BSafe software. The NSA had secretly designed Dual_EC with a backdoor—allowing it to predict the number generation and thus unscramble any encryption built on top of it—and it knew that RSA’s adoption of the code would create a ripple effect in the security industry.
It worked. Many other companies began using Dual_EC before security researchers revealed the backdoor and prompted the National Institute of Standards and Technology to withdraw the flawed algorithm.
The Dual_EC flare-up was one of the first salvos in the latest phase of the crypto wars, and it continues to resonate today.
Correction: Columbia University hosts a copy of the 1997 key-escrow report but did not supervise or exclusively publish it.
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.