Homeland Security Committee Thinks Backdoors Are Bad, But Encryption Still A Problem The Government Needs To Fix

from the one-half-logic,-one-half-Comey dept

The House Homeland Security Committee has decided to weigh in on the encryption debate with the release of a report [PDF] entitled "Going Dark, Going Forward." Despite the use of Comey's pet term for the increasing deployment of encryption by service providers and device makers, the committee points out backdoors are a terrible way to address the problem.

Initially, lawmakers and some among law enforcement personnel believed the solution was simple: statutorily authorize law enforcement access to obtain encrypted data with a court order. Unfortunately, this proposal was riddled with unintended consequences, particularly if redesigning encryption tools to incorporate vulnerabilities—creating what some refer to as “backdoors”—actually weakened data security. Indeed those vulnerabilities would naturally be exploited by the bad guys—and not just benefit the good guys.

However, it also does not specifically take encryption backdoors off the table. As any good committee would, it suggests the solution lies with the formation of another committee and the generation of studies and reports.

Thus, in our estimation, the best way for Congress and the nation to proceed at this juncture is to formally convene a commission of experts to thoughtfully examine not just the matter of encryption and law enforcement, but law enforcement’s future in a world of rapidly evolving digital technology.

So far, so bureaucratic. The ordering of the formation of a commission (to be called the "National Commission on Security and Technology Challenges") is the tentative step forward -- one that will last an entire year. After that, the discussion of encryption backdoors can resume.

The Committee ordering the formation of a commission also has the unfortunate tendency to portray the government in a rosy glow it certainly hasn't earned.

Congress and the American people have always sought to strike the right balance between the rule of law and individual liberty. Several examples illustrate this point, including debates surrounding the development of a robust anti-money laundering regime in online and in-person banking in the 1980s and 1990s; the Communications Assistance for Law Enforcement Act in the early 1990s; the appropriate use of “roving wiretaps” in response to the widespread adoption of mobile communications in the early 2000s; and current discussions on the proper role of commercial drone technology in public and private arenas.

Even if you ignore the fact that the "debate" surrounding CALEA mostly involved legislators listening to law enforcement lobbying (with compromise only resulting because telcos had similar lobbying weight) and the ongoing secrecy over government surveillance drone use, there's the part about "roving wiretaps." The "debate" that took place here was the result of a secret program being uncovered years after it went into effect. It had nothing to do with the government engaging with citizens prior to granting the NSA and FBI this power.

The House Committee also shows an unfortunate tendency to defer to Comey's encryption assertions. It goes so far as to echo his talking points that have no basis in reality.

In later testimony, Comey further commented, “There is no doubt that the use of encryption is part of terrorist tradecraft now because they understand the problems we have getting court orders to be effective when they’re using these mobile messaging apps, especially that are end-to-end encrypted” [emphasis added]. Indeed, the perpetrators of terrorist attacks in Garland, Texas, Paris, France, and San Bernardino, California, in 2015 all exploited encrypted communications.

The last two attacks listed uncovered no use of encryption. The Paris attackers used normal, unencrypted SMS and the notorious San Bernardino iPhone was eventually cracked by a third party, but revealed nothing of importance after being examined.

It's about as even-handed as one can expect from a committee that still believes there's an "honest conversation" to be had about a subject FBI Director James Comey refuses to discuss honestly. It notes that most countries people consider to be free (mainly Western European) have shot down encryption backdoors, even in the wake of terrorist attacks. The countries where governments have demanded backdoors are no one's idea of civil liberties paradises -- like China and Iran. Presented this way, there's a strong suggestion that the US government shouldn't come down on the side of countries whose human rights records are, at best, highly questionable. That should help keep the conversation more "honest," at least.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, congress, encryption, going dark, homeland security