Modern field guide to security and privacy

With national privacy debate unsettled, US intelligence officials back encryption

Lawmakers may still consider measures to force tech companies to decrypt communications, but at a Senate hearing Tuesday two top intelligence officials supported strong digital privacy protections.

 

Kevin Lamarque/Reuters
National Security Agency chief Adm. Mike Rogers at an April hearing on Capitol Hill.

The debate over encryption on smartphones and messaging apps is poised to heat up again on Capitol Hill after it peaked last winter when Apple denied an FBI request to help unlock a terrorist's iPhone.

Senate Intelligence Committee leaders Dianne Feinstein (D) and Richard Burr (R) are apparently working on another push for their bill to compel companies to give law enforcement access to encrypted data if presented with a court order. When the senators initially circulated a draft bill earlier this year, however, privacy advocates and tech industry groups alike roundly criticized their proposal.

On Tuesday, senators returned to the issue of encryption, which many politicians and law enforcement officials such as FBI Director James Comey complain helps terrorists and criminals mask their communications, in an Armed Services Committee hearing with National Security Agency Director Adm. Michael Rogers and Undersecretary of Defense for Intelligence Marcel Lettre.

Sen. John McCain (R) of Arizona said that if the military and intelligence agencies didn't act to address potential security blind spots when it comes to the Islamic State (known as both ISIS or ISIL) using private messaging apps to recruit and plan attacks, Congress would likely pursue legislation to regulate encryption.

"Ignoring the issue, as the White House has done, is also not an option," he said. "ISIL has utilized encrypted communications that just a few years ago were limited to a select few of the world's top intelligence services."

But Mr. Lettre rejected the notion that broad legislation is the answer when it comes to encryption, and said the Pentagon wouldn't prefer a legal approach requiring companies to create a so-called "backdoor" for government access to secure communications.

"From a policy perspective, we're in favor of strong encryption. We benefit from it ourselves," he said, citing his own desire to protect personal data. "So anything that looks like a backdoor is not something we'd want to pursue."

Instead, he said, the government should pursue a case-by-case approach where officials have "quiet" dialogs with tech companies to resolve conflicts such as the one between Apple and the FBI, which erupted after the tech giant denied an agency request to develop software that would weaken password protections for an iPhone used by the slain shooter in the San Bernardino, Calif., terrorist attack, making it easier for investigators to break in.

In the aftermath of that attack and recent terrorism in Europe, Sens. Feinstein and Burr floated their draft bill, which appeared to lose support after widespread criticism. 

But while Lettre said the government should work more closely with tech companies on encryption, lawmakers questioned whether that's a realistic approach.

"I would always rather try to sit down and resolve the situation rather than pass legislation," said Sen. Jeanne Shaheen (D) of New Hampshire. "But right now, we've had mixed reviews of the opportunity to work collaboratively with the private sector to address this issue," she said, noting that Twitter recently cut off US intelligence agencies’ access to its full data feed as an example of the limits of dialogue.

Admiral Rogers came out in favor of encryption to protect military and private networks, while acknowledging that terrorist access to encryption poses a national security threat. He was particularly blunt about the Islamic State's ability to adapt its communications strategy to avoid surveillance. 

"ISIS remains the most adaptive target I've ever worked in 35 years as an intelligence professional," he told the senators. 

But Rogers also attempted to pivot away from the focus on encryption altogether. When Sen. Daniel Sullivan (R) of Alaska asked about the top three threats that keep Rogers up at night, encryption was conspicuously absent from the list. 

Instead, Rogers talked about the day-to-day protection of Department of Defense networks and his concern that terrorists will begin to use the internet as a direct weapon rather than a fundraising or recruitment tool.

He emphasized the need to invest in a range of tools and technologies, rather than focusing narrowly on encryption and signals intelligence. That’s especially important, he said, given the adaptability of terrorist groups like ISIS.

While many politicians have singled out secure communication apps as enabling terrorist planning and recruitment, the message from the tech industry and privacy advocates that encryption also helps protect average consumers and businesses has resonated in Washington, says Neema Singh Guliani, a legislative counsel with the American Civil Liberties Union.

"There are isolated members who continue to push for legislative changes," Ms. Guliani told Passcode. "But more and more members, as well as the general public, understand the value of encryption and are very concerned by those proposals."

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.