After Paris attacks, lawmakers seek greater access to encrypted data
However, some senators want to avoid a 'knee-jerk' response to give law enforcement and intelligence agencies a power they say could harm all consumers’ security and privacy.
WASHINGTON — Even though it's unclear whether Islamic State attackers relied on encrypted communications to plot the Paris attacks, many US lawmakers want law enforcement officials to be able to more easily access secure messages happening via commonly used smartphones and apps.
"In the last 10 days, we’ve had almost 500 people killed as a direct result of terrorism. At some point, this administration has to have a commitment to defeat terrorism, and it’s going to start with better intelligence, as we have seen from the Paris attacks," said Senate Intelligence Committee Chairman Richard Burr (R) of North Carolina.
"And that’s going to require us to look inside, when needed, terrorists’ conversations and communications," he said. "Encryption has been a problem, will continue to be a problem, and that problem will grow."
The White House conducted an extensive policy review on ways to deal with the increasing prevalence of end-to-end encryption in everyday devices such as the iPhone, ultimately deciding earlier this fall to back away from loud calls from law enforcement and intelligence officials for legislation to force companies to unlock what they deemed "warrant-proof" encryption.
Senior officials such as FBI Director James Comey insisted that strong encryption endangers the agency's ability to track dangerous criminals and terrorists. Yet security pros, tech companies, and privacy advocates recoiled at the idea of building what they call a "backdoor" into American products, insisting it would put all consumers’ security and privacy at risk and make customers less likely to buy US devices.
While the White House chose to hold off, the intelligence community’s top lawyer, Robert Litt, noted in an August e-mail obtained by The Washington Post that, while the “legislative environment is very hostile today, it could turn in the event of a terrorist attack or criminal event where strong encryption is shown to have hindered law enforcement." There is value, Mr. Litt wrote, in "keeping our options open for such a situation."
The office of the Director of National Intelligence declined to comment for this story, but the Paris attack – and other Islamic State threats on cities such as Washington – is already prompting senators to call on the White House to revisit the issue.
"Don’t you think that post Paris [the White House] should look into this again and make sure we are doing everything we can to protect our country?" said Sen. Kelly Ayotte (R) of New Hampshire, a member of both the Armed Services and the Homeland Security Committee. “The President should come to us with what he needs to make sure we have the intelligence to protect our country…. With a subpoena – or a warrant, depending on the circumstances – law enforcement should have access to these encrypted devices so that we can keep the country safe."
Chairman of the Senate Armed Services Committee Sen. John McCain (R) of Arizona says he will hold hearings to examine possible legislative fixes. "It’s a national security issue," he said. "I don’t know what the answer is, that’s why we have to have hearings. But the situation now where they have the ability to go to a secure site is unacceptable."
It’s not just Republicans clamoring for a debate.
"Technology is leaping ahead of our capacity," Minority Whip Richard Durbin (D) of Illinois said on the Senate floor. "We are told by our agencies in government that, to keep America safe, we have to deal with encryption standards today.... Put in new standards so we can deal with the encryption where terrorists are hiding their communications from our surveillance, even under court order."
While unnamed officials quoted in major media outlets say encryption likely played a role in the Islamic State’s planning, there has been no official confirmation or details about what kind of devices or apps they may have used. US law enforcement and intelligence agencies are so far not willing to comment on record about the attack’s impacts on the encryption debate at home. This, of course, could change once there’s concrete evidence about communications techniques from the investigation.
Even so, the deployment of encryption on consumer technology has many supporters on and off Capitol Hill. While the terrorist attack in Paris might prompt a debate on the merits of encryption, it remains to be seen whether this latest Islamic State attack will tip the scales in favor of national security over strong measures to protect online privacy and individual security as the drumbeat of high-profile data breaches continues.
Civil liberties advocates have recently gained political clout in the wake of the Edward Snowden leaks, which has also prompted consumer giants such as Apple to increase the use of encryption on its iPhones. What's more, the House of Representatives approved a measure to ban the government from forcing tech companies to place "backdoors" into encrypted devices as part of an appropriations bill.
Cybersecurity experts hailed the White House’s decision to back away from a policy that would require companies to change security measures to accommodate US law enforcement requests. Most digital security experts and privacy advocates say there’s no way to create a channel for the US without creating a "backdoor" that could be exploited by criminal hackers or nation-states.
Even now, after the Paris attacks, some civil liberties advocates on the Hill, such as Sen. Ron Wyden (D) of Oregon warn against hasty policy reactions to a tragedy. "It’s important to be very careful about some of these knee-jerk approaches that don’t give you more security and put at risk your liberty,” said Senator Wyden, a member of the Intelligence Committee.
And even if US authorities were to force American tech companies to decrypt secure communications, Wyden said militants could find other options to secretly communicate. "Requiring companies to weaken their technology when terrorists can fairly easily obtain advanced encryption technology products around the world doesn’t make much sense to me."