In 2017, we need to move past the debate over backdoors.
By Kevin Bankston
Since last summer, Federal Bureau of Investigation Director James Comey has been signaling his intent to make 2017 the year we have an “adult” conversation about encryption technology’s impact on law enforcement investigations. He’s probably going to get his wish, but if a new report from leaders in Congress is any indication, it’s not going to be the conversation he wants. Rather, as that new report from the House working group investigating the encryption issue recognizes, having the “adult” conversation about encryption means talking about how law enforcement can adapt to a world where encryption is more common, rather than wrongheadedly forcing the technology to adapt to law enforcement’s needs.
To Comey, being “adult” about encryption apparently means agreeing with his conclusion that the existence of unbreakable encryption — for example, the full-disk encryption that protects your iPhone against anyone who doesn’t have your passcode, or the end-to-end encryption that protects your iMessages and Whatsapp texts as they cross the Internet — poses an unacceptable threat to law and order. Being an adult, to Comey, means accepting the argument that technology companies should design their products to ensure that the government can access any data it needs in an investigation, whether by building (in the words of his opponents) a “backdoor” into strongly encrypted products, or by not deploying that encryption in the first place. Being an adult, to Comey, means supporting efforts to legally require tech companies to ensure government access, if they won’t do it voluntarily.
When Comey insists that we haven’t yet had the “adult” conversation on this issue, he’s insulting everyone who has disagreed with him — which is almost everyone who’s voiced an opinion on the subject, that disagreement flowing in an endless stream of expert white papers (issued by adult institutions like the Massachusetts Institute of Technology and Harvard University), editorials, coalition letters, Congressional testimony, National Academies of Sciences proceedings, and more.
Ever since this latest debate over encryption was first sparked in the fall of 2014, when Apple announced that new iPhones would be completely encrypted by default — a debate that peaked with last year’s court fight between Apple and the FBI over the locked iPhone of one of the San Bernardino shooters — the clear consensus among experts has been that any kind of mandate on companies to weaken their products’ security to ensure government access to encrypted data would be devastating to cybersecurity and to the international competitiveness of United States tech companies. It would also be futile, since U.S. companies don’t have a monopoly on the technology, making it trivial for bad guys to obtain strong encryption products, no matter what Congress does. It is these exact same arguments that won the day in the “Crypto Wars” of the ’90s when a similar policy debate over encryption arose.
Importantly, it’s not just privacy advocates and privacy-minded tech experts making these arguments. Opposition to backdoors has been voiced by leaders from the national security and law enforcement establishment — all of them indisputably adults! — such as former National Security Agency director and director of National Intelligence Mike McConnell, former NSA and Central Intelligence Agency Director Michael Hayden, former Department of Homeland Security Secretary Michael Chertoff, and — in agreement with his fellow members in President Barack Obama’s handpicked Review Group on Intelligence and Communications Technologies — former CIA Director Michael Morrell. And that’s just the Michaels! The list of expert adults that have disagreed with Comey at this point is staggeringly long.
Despite that broad consensus, Senators Richard Burr and Dianne Feinstein floated draft legislation last year that would broadly require any provider of any encrypted product or service to be able to produce any encrypted data on demand. Although that bill was almost universally panned at the time, Comey is probably hoping that similar legislation will have a better chance this year — especially if he has the support of a new attorney general and a new president that appear to share his views, rather than being held back by an Obama administration that chose not to pursue a legislative solution. (Notably, the fact that the Trump administration seems likely to support backdoors is all the more ironic and hypocritical considering the report that high-level Trump aides — along with key staff for Hillary Clinton, Obama, and many other political figures — are now using the end-to-end encrypted messaging application Signal for fear of being hacked.)
Still, Comey likely will not get his wish, because the long list of people who disagree with him just got longer: As Congress was preparing to depart for its winter holiday, a House Congressional working group tasked with examining the issue of encryption technology’s impact on law enforcement issued a year-end report that signaled a major shift in the crypto debate. The working group, established in May as a collaboration between members of the House Judiciary Committee and the House Energy & Commerce Committee, had spent many months meeting with law enforcement, the intelligence community, privacy advocates, security experts, and tech companies, to help guide its bipartisan investigation. The report, signed off on by 10 House members including the top Republican and top Democrat on each of the two investigating committees, came to an unequivocal conclusion: “Congress should not weaken this vital technology because doing so works against the national interest,” but should instead work to help law enforcement find new ways to adapt to the changing technological landscape.
In particular, the report’s authors arrived at four observations, echoing the arguments of Comey’s prior opponents: Weakening encryption goes against the national interest because it would damage cybersecurity and the tech economy; encryption is widely available and often open source, such that U.S. legislation would not prevent bad actors from using the technology; there is no one-size-fits-all fix for the challenges that encryption poses for law enforcement; and that greater cooperation and communication between companies and law enforcement will be important going forward and should be encouraged. As next steps, they suggest further investigation into avenues other than backdoors that can help address the challenges that encryption poses to government investigators, including working to ensure that all levels of law enforcement have the information and technical capacity they need to make full use of the wide variety of data that is available to them even without backdoors.
In other words, the key committees in the House that have jurisdiction over the encryption issue have sent a clear signal to Comey, and to his allies in the Senate like Feinstein and Burr: “Sorry, but the House is definitely not interested in legislating to require backdoors. How else can we help you?” Though news of the report was somewhat buried due to the holiday timing, that signal has now been heard loud and clear across Washington, D.C. The House does not want to waste any more time on childish bickering over backdoors that essentially everyone but the FBI agrees are a bad idea. In 2017, it wants to have the adult conversation that moves beyond backdoors.
Let’s hope Comey is listening.