With the debate over encryption ramping up again in the wake of the Paris attacks, Ron Wyden is simultaneously exasperated and determined.
The Oregon Democrat is one of the most vocal privacy advocates in the Senate, where he has led the fight against controversial technology bills like the cybersecurity legislation CISA. Now, two Senate committees are preparing to investigate whether strong encryption is endangering America by helping criminals and terrorists hide their conversations from police and spies. In an interview on Wednesday afternoon, Wyden told the Daily Dot that he had seen this movie before.
“Too often in the past, particularly when the Congress understandably gets caught up in the moment, there’s not enough effort to think through the implications of various policies, and you end up with what I call the lose-lose strategy,” Wyden said. “People want more safety and more liberty, [but] we end up with not much of either. That is a foolish way to go.”
“People want more safety and more liberty, [but] we end up with not much of either. That is a foolish way to go.”
Wyden has made this argument on many issues, but none has proved more vexing for him than the National Security Agency’s mass-surveillance programs. Every time someone has defended the agency’s bulk collection of phone records, Wyden has pointed to page 104 of a presidential review group’s report on the program. It reads: “The information contributed to terrorist investigations by the use of section 215 telephony metadata was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.”
“I’ve said it so often that the staff says, ‘Here comes Ron citing page 104,'” Wyden said.
To Wyden, the defense of the telephone metadata program and the criticism of encryption are linked. CIA Director John Brennan, in a speech after the Paris attacks, condemned strong encryption and suggested the need to address “inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve.”
Sen. Richard Burr (R-N.C.), the chairman of the Intelligence Committee and a frequent sparring partner of Wyden’s on surveillance issues, said Tuesday that his committee would review the subject of encryption. He also said that American tech companies should install “backdoors” in their encryption so that law enforcement can surveil criminals using their products. Security experts uniformly oppose backdoors because of the myriad technical vulnerabilities that they introduce. Wyden argued that, in addition to being dangerous, they were also futile.
“It doesn’t add up to me to do that when terrorists can fairly easily obtain encryption products from around the world right now,” he said.
Wyden was also quick to note that businesses would suffer financially if Congress mandated backdoors or if U.S. officials prevailed in their ongoing efforts to convince companies to add them. The Edward Snowden leaks have already damaged American companies’ reputations. Backdoors could be the last straw for many current and potential customers, driving a mass migration to foreign products that could seriously damage U.S. firms’ bottom lines.
“If you required U.S. companies to actually weaken their products, weaken encryption,” Wyden argued, “it would just drive consumers to all these distributed systems around the world where we’d have even less [legal] leverage in terms of protecting both safety and liberty.”
“I don’t want companies to be required to undermine the security of their products.”
Backdoors aren’t the only request from law enforcement. Some officials, including Deputy Attorney General Sally Yates, have suggested that tech companies stockpile one-time-use keys to bypass encryption in individual circumstances. But Wyden has tried to discredit that proposal, too. At a Senate Intelligence Committee hearing in September, Wyden got NSA Director Adm. Mike Rogers to admit that leaving keys sitting around created new security risks.
“I don’t want companies to be required to undermine the security of their products,” Wyden said, rejecting “this notion that there’s somehow golden keys out there.”
If Burr follows through on his plan to hold encryption hearings, Wyden will be there, ready to raise the civil-liberties concerns for which he has become a reliable voice in Congress.
“If you go into these discussions,” Wyden said, “it’s very important to be watchful for knee-jerk approaches that don’t give you more safety and put at risk your liberty.”
Photo via Sam Craig/Flickr (CC BY 2.0) | Remix by Max Fleishman