Where does the debate over encryption go from here?
In 2016, the San Bernadino killings elevated encryption to national discussion as the FBI and Apple waged a very public battle over how much authority law enforcement should have in subverting encryption technologies that otherwise ensure privacy for users around the globe.
Recently, FBI Director James Comey said a national post-election discussion on encryption is necessary before “something terrible happens,” stating encryption is currently the lone barrier in unlocking and collecting evidence from 650 devices received from state and local governments in 2016 alone. The FBI will produce a report on how encryption affected its operations in 2016 sometime in the coming months, and it may serve as a backbone for their arguments for reduced or weakened encryption.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Not surprisingly, privacy advocates and many large tech companies share opposing viewpoints, favoring the furthering of encryption technologies as mobile devices and internet connectivity become more ubiquitous in society.
Could Congress tip the balance, or at least help close the major divide?
Rep. Will Hurd, R-Texas, who predicted encryption would become major national issue in 2016, believes so. As one of the few technologists in Congress, he’s adamant encryption should not be weakened under any circumstances.
“Our civil liberties are not burdens; they are what make our country great,” Hurd said, speaking this week in an interview with Nextgov. “We can protect our civil liberties, and our digital infrastructure, and chase bad guys all at the same time. Encryption is good for our national security. It’s good for our economy. We should be strengthening encryption, not weakening it.”
Hurd said a common mistake is “law enforcement and the private sector talking past each other.” In other words, there’s a lack of fruitful communication between parties like Apple and the FBI when there ought to be intelligent teamwork.
American companies, Hurd said, walk a tightrope of appeasing an increasingly privacy-aware customer base in a global economy. Customers want privacy, and if they don’t get it from one competitor, they’ll go to another.
Perhaps that reality is highlighted less than the challenges law enforcement faces in dealing with encryption. When those issues rise to national prominence, it’s usually because of an issue—like San Bernadino—that deals with national security.
“How can we work together and achieve the same principles and theories?” Hurd said. “Weakening encryption is not an option, in my opinion.”
Hurd, a former CIA operative who later worked at a tech company, added the encryption discussion shouldn’t be one held in absolutes.
“Here’s the reality: If you know two people are talking on encrypted channels, you know a whole lot of other information about them,” he said.
Email addresses, their mobile phones’ IMEI numbers and applications the users are intentionally using are all likely known data points in such a scenario, Hurd said. In other words, without weakening encryption, there are still many options to further an investigation.
“There are a number of ways we can get access to information,” Hurd said.
It’s also unwise, Hurd said, to simply assume any encrypted plain text message would automatically “show us the keys to the kingdom.”