Is Congress All Bark and No Bite on Encryption?

Major tra­gedies have a way of shift­ing the le­gis­lat­ive pro­cess in­to hy­per speed. Con­gress passed the Pat­ri­ot Act, for ex­ample, just a little more than a month after the Sept. 11 ter­ror­ist at­tacks. More re­cently, the House draf­ted and passed a bill to lim­it Syr­i­an and Ir­aqi refugees just days after the ter­ror­ist at­tacks in Par­is.  

While the Par­is at­tacks have also re­ignited a de­bate over en­cryp­tion, con­gres­sion­al aides and cy­ber­se­cur­ity ex­perts doubt that at­ten­tion will trans­late in­to ac­tion any time soon.

“I don’t see any­thing im­min­ent,” one House aide fa­mil­i­ar with the is­sue said. “The same mech­an­ics that blocked a le­gis­lat­ive path for­ward a month ago block it today.”

CIA Dir­ect­or John Bren­nan and Sens. Richard Burr and Di­anne Fein­stein, the bi­par­tis­an lead­ers of the Sen­ate In­tel­li­gence Com­mit­tee, all ar­gued last week that en­cryp­ted ser­vices are em­power­ing ter­ror­ists to evade sur­veil­lance.

“I think the biggest threat today is the idea that ter­ror­ists can com­mu­nic­ate in dark space, dark plat­forms, and we can’t see what they’re say­ing. … If you can’t see what they’re say­ing it is very dif­fi­cult to stop it,” House Home­land Se­cur­ity Chair­man Mi­chael Mc­Caul said on CBS’s Face the Na­tion on Sunday.

But any le­gis­la­tion to en­sure the gov­ern­ment can ac­cess en­cryp­ted com­mu­nic­a­tions would face fierce res­ist­ance from the tech­no­logy in­dustry. Com­pan­ies like Apple, Google, and Face­book ar­gue that a “back­door” for the U.S. gov­ern­ment could also be ex­ploited by hack­ers or op­press­ive re­gimes, ul­ti­mately un­der­min­ing trust in their ser­vices. And, they ar­gue, it wouldn’t even help thwart at­tacks be­cause ter­ror­ists would just switch to for­eign ser­vices that could re­main en­cryp­ted.

Jason Healey, a cy­ber­se­cur­ity schol­ar at Columbia Uni­versity’s School of In­ter­na­tion­al and Pub­lic Af­fairs, said that tech­no­logy com­pan­ies already feel burned by the scope of sur­veil­lance re­vealed by Ed­ward Snowden. They would be a ma­jor obstacle to passing any le­gis­la­tion that would un­der­mine en­cryp­tion, he said.

“I would be very sur­prised if you see any sig­ni­fic­ant ac­tion hap­pen­ing quickly,” Healey said. “It’s easy to pass a bill on refugees be­cause they don’t have mil­lions of dol­lar of lob­by­ists in there ar­guing for them.”

Burr, at least, doesn’t care much about pleas­ing the tech com­pan­ies. “We don’t have a re­spons­ib­il­ity to sell their products. We have a re­spons­ib­il­ity to keep Amer­ica safe,” Burr said at a press con­fer­ence last week.

But even he and Fein­stein ac­know­ledge that en­cryp­tion is a tech­no­lo­gic­ally com­plic­ated is­sue, and they are wary of mov­ing too quickly.

“I wouldn’t dare even re­motely make you be­lieve we’re on a le­gis­lat­ive route. We’re on an ex­plor­at­ory route,” Burr said at the same press con­fer­ence. No law­maker has un­veiled a bill yet that would man­date gov­ern­ment ac­cess to en­cryp­ted com­mu­nic­a­tions.

“Look at both of us, look at our age,” the 59 year-old Burr said as he ges­tured to­ward the 82 year-old Fein­stein. “This is a very dif­fi­cult thing for us to un­der­stand be­cause I won’t tell you that we are steeped in tech­no­logy.” (Fein­stein shot back: “Speak for your­self!”)

FBI Dir­ect­or James Comey has been warn­ing about the risks of ter­ror­ists and crim­in­als us­ing en­cryp­tion to “go dark” from sur­veil­lance for more than a year. But last month, after an ex­tens­ive in­tern­al de­lib­er­a­tion, the White House said it would not seek le­gis­la­tion to com­pel com­pan­ies to provide ac­cess to their en­cryp­ted com­mu­nic­a­tions. White House aides have de­clined to re­vise that state­ment in the wake of the Par­is at­tacks.

Sen. Ron Wyden, an Ore­gon Demo­crat and long­time pri­vacy ad­voc­ate, has been lead­ing the charge in Con­gress against any ef­fort to weak­en en­cryp­tion.

“I am stand­ing up against these dan­ger­ous pro­pos­als to en­sure we act based on the facts, not fear, in the days ahead,” he wrote Monday in a blog post titled “En­cryp­tion Is Not the En­emy.”

Re­ports in French me­dia that the ter­ror­ists sent un­en­cryp­ted text mes­sages as they car­ried out their at­tacks have also sapped the se­cur­ity hawks of some of their mo­mentum.

Jim Lewis, a seni­or fel­low at the Cen­ter for Stra­tegic and In­ter­na­tion­al Stud­ies, ar­gued that any solu­tion will re­quire co­ordin­a­tion with oth­er coun­tries and the tech com­pan­ies.

“It’s been such a heated dis­cus­sion, the tem­per­at­ure needs to go down, people need to take a deep breath,” he said.

He also noted that the com­pet­ing jur­is­dic­tions of sev­er­al con­gres­sion­al com­mit­tees over the is­sue would mean a long road ahead on Cap­it­ol Hill.

“If we start now, check back in three years,” he said.