Senate Homeland Security chairman: Encryption law could ‘do more harm than good’

The chairman of the Senate Homeland Security Committee on Thursday became the highest-ranking lawmaker to publicly oppose the idea of guaranteeing the government access to encrypted communications.

In response to a question about encryption at an American Enterprise Institute cybersecurity event, Sen. Ron Johnson (R-Wisc.) sharply criticized the notion of mandating “backdoors” in encryption, something that many senior law-enforcement and intelligence officials have requested to help them catch criminals and terrorists.

“I’m not sure that anything we’d do in Washington, D.C., wouldn’t do more harm than good,” Johnson said of legislation requiring tech companies to build backdoors. “Encryption really helps protect personal information. It’s crucial to that. I like the fact that if somebody gets my iPhone, they’re going to have a hard time getting into it.”

Referring to the campaign to mandate backdoors, Johnson said that, in the wake of terrorist attacks and public panic, “You end up with a rush to judgment. When you hear ‘we gotta do something about it,’ run for the hills.”

“I like the fact that if somebody gets my iPhone, they’re going to have a hard time getting into it.”

Johnson’s comments—the clearest support yet for strong encryption from a congressional committee chairman—come in the middle of a heated debate over whether encryption is stymying investigators by allowing terrorists to hide their planning. Despite repeated pleas from security experts, privacy activists, and technologists to leave encryption alone, several senior Obama administration officials, including FBI Director James Comey, have pressured tech companies to add backdoors.

The latest phase of this long-running encryption battle began in September 2014, when Apple released iOS 8 with a form of encryption that even it could not break. That prompted Comey to begin criticizing the company for aiding terrorists. The 2015 terrorists attacks in Paris and San Bernardino, California, prompted more law-enforcement officials—and some lawmakers—to begin studying encryption’s effects on terrorism investigations.

The FBI declined to comment on Johnson’s remarks.

Citing the globalized nature of technology, Johnson rejected the notion that a U.S. backdoor law would solve the problem of terrorists hiding behind encryption.

“Is it really going to solve any problems if we force our companies to do something here in the U.S.?” he asked. “It’s just going to move offshore. Determined actors, terrorists, are still going to be able to find a service provider that will be able to encrypt accounts.”

Kevin Bankston, the director of New America’s Open Technology Institute, called Johnson’s observations “hearteningly spot-on.”

“There’s no shortage of foreign-based encrypted services and open-source encryption tools to turn to if the U.S. foolishly legislates against American companies’ deployment of encryption,” Bankston said in an email.

Regarding the movement to require encryption backdoors, Johnson said, “It really is just not understanding the complexity” of the issue. “It’s incredibly complex.”

“Senator Johnson has shown that he understands technology and the importance of digital security to the future of the Internet,” said Amie Stepanovich, U.S. policy manager at the digital-rights group Access. “If more of our leading lawmakers could adopt Senator Johnson’s point of view, it could be possible for this conversation to move forward.”

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the chairman and ranking Democrat on the Intelligence Committee, are preparing legislation that will address encryption, although what form that bill will take remains unclear. Neither senator’s office responded to request for comment on Johnson’s encryption comments.

While Burr and Feinstein are writing a bill and two other lawmakers are planning a commission, Johnson said that lawmakers hadn’t yet begun to formally address encryption. “We haven’t taken any test votes,” he said of the issue’s legislative future, “so I really don’t have a clue.”

Johnson didn’t criticize the idea of a commission, instead saying that it was a good idea to hold hearings on the subject and urging experts to brief lawmakers, their staff, and the public.

“What we have to do, though, is lay out the reality,” he said. “Take a look at whatever the supposed solution is to this and go, ‘Are you really going to do more harm than good? And is it really going to solve the problem?’”

Update 12:10pm CT, Jan. 28: Added comment from digital-rights group Access.

Clarification: Sen. Johnson’s office informed the Daily Dot that the senator’s comments should not be read as definitive opposition to an encryption backdoor law, which an earlier version of the headline suggested. A Johnson spokesman said that, while the story itself accurately reflected the senator’s comments, the headline did not. The headline has been updated, and the Daily Dot has requested clarification on whether the senator definitively opposes backdoors in encryption.

Update 2:37pm CT, Jan. 28: Asked to clarify whether Sen. Johnson had fully made up his mind about encryption backdoors, his spokesman said in an email, “An overriding point he was making is that policymakers need more information from experts on this before legislating.”

Photo via Eric Geller

Eric Geller

Eric Geller

Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.