Legislation to establish a commission on encryption and other security issues "is going to happen," said Col. Andrea Thompson, a national security adviser to the House Homeland Security Committee.
Col. Andrea Thompson, a national security adviser to Rep. Michael McCaul (R-Texas), spoke at a Jan. 14 event hosted by AFCEA's Central Virginia chapter. (Photo: Sean Lyngaas)
CHARLOTTESVILLE, VA. -- Recent terrorist attacks have given lawmakers momentum in setting up a commission that would address encryption and other security issues, according to a House Homeland Security Committee adviser.
"I firmly believe [the commission] is going to happen, it's just a matter of getting in the queue," said Col. Andrea Thompson, a national security adviser to Rep. Michael McCaul (R-Texas), the committee's chairman. Aides to House Speaker Paul Ryan are briefed weekly on setting up the commission, Thompson said at a Jan. 14 roundtable discussion hosted by AFCEA's Central Virginia chapter.
Last month, McCaul announced his intent to introduce legislation establishing a "national commission on security and technology challenges in the Digital Age." One of the commission's headline issues is the challenge posed to law enforcement by end-to-end encryption, which can render suspects' communications unreadable, even with a warrant. Encryption, however, is also foundational to Internet security, underpinning global e-commerce and, when used properly, protecting dissidents in authoritarian regimes.
A congressional aide told FCW that lawmakers could introduce a bill establishing the commission in the "near future."
Last month's terrorist attack in San Bernardino, Calif., and an attempted attack in May in Garland, Texas, have awoken many to the intersection of end-to-end encryption and national security, according to Thompson. She emphasized that she was speaking in a personal capacity and not on behalf of the committee.
"I think it's resonating now that this is a bigger problem," Thompson said, adding, "those attacks have…brought it to light."
FBI Director James Comey has told Congress that one of the two men who opened fire in Garland had sent 109 encrypted messages to an "overseas terrorist" beforehand.
Technologist, privacy activists, academics and law enforcement official would be part of the commission, McCaul has said. Sen. Mark Warner (D-Va.) has backed the commission, giving it bipartisan and bicameral support. The commission would not be "like other blue-ribbon panels, quickly established but soon forgotten," McCaul and Warner wrote in the Washington Post.
Comey sounded upbeat in his testimony last month that federal officials and technology firms were reaching some common ground in what has been dubbed the latest round of the crypto wars.
What that common ground looks like in practice is an open question. Federal officials like Comey cite the ingenuity of Silicon Valley in expressing their belief that there is a technical solution to the challenge. Yet many technologists shake their heads at that notion.
Weaken encryption by creating a "back door" for law enforcement access, tech experts say, and you potentially unleash security vulnerabilities on ordinary Internet users. They point to the revelation of a backdoor in firewalls made by Juniper Networks as a cautionary tale.
Thompson acknowledged this IT ripple effect in her remarks. "When you open the back door…you've now opened that same door to folks to get into your system," she said.
Rep. Will Hurd (R-Texas), who has worked for a cybersecurity firm, has been critical of Comey's portrayal of encryption as an impediment to counterterrorism efforts. When McCaul announced plans for the digital security commission, Hurd told FCW that he would speak to McCaul to make sure the commission has the "right folks in the room," representing all sides of the issues.
In her remarks, Thompson described the "shuttle diplomacy" the House Homeland Security Committee used to get representatives of tech firms like Microsoft and Google in the same room as federal officials.
The committee's staff met separately with each side first and then altogether in unannounced meetings. The private-sector executives and government representatives did not have an advance list of attendees, Thompson said.
"It kind of stalled out, and we thought maybe without a more formal mechanism, this isn't going to continue to move forward," Thompson said, describing the impetus for a commission with a budget and staff.
When asked what had spurred interest from tech firms in participating in the meetings, Thompson cited the recent security threats. "Candidly, they know that change is coming and they want to be part of that solution," she added. "So you can either bring some ideas forward and help shape that, or get it jammed down your throat."