Don’t Undermine Encryption, Bipartisan Congressional Report Warns


Lawmakers suggest workarounds to undermining encryption such as legal hacking and relying on metadata.

Congress should not pass laws that weaken encryption, according to a bipartisan congressional report released today.

That’s true even though encryption technology can make it harder for law enforcement and intelligence agencies to combat crime and terrorism, according to the report ordered in March by Republican and Democratic leaders of the House Judiciary and Energy and Commerce committees.  

Lawmakers requested the report in the wake of a standoff between Apple and the FBI over an encrypted cellphone used by San Bernardino shooter Syed Farook. The FBI wanted Apple to help it bypass an automatic wiping function that prevented police from examining information stored in the phone. Apple argued undermining protections for that one phone would damage security for all iPhone users.

Congress should explore alternative paths investigators might use when confronted with encrypted information, the report suggests.

Those include:

  • Gleaning information from metadata—information about how, when and where a message was sent rather than its contents—which is typically unencrypted.
  • Improving collaboration between tech companies and federal, state and local law enforcement, so investigators have a better understanding of the scope and breadth of unencrypted data they can obtain with a warrant.
  • Exploring ways police can legally hack into criminals’ information exploiting computer vulnerabilities—such as software the criminals haven’t updated—without relying on tech firms’ cooperation.

Requiring U.S. companies to insert government backdoors into their products would do little good because criminals and terrorists would simply use encrypted tools provided by companies based outside the United States, the report found.

“This is a complex challenge that will take time, patience and cooperation to resolve,” the report states. “The potential consequences of inaction—or overreaction—are too important to allow historical or ideological perspectives to stand in the way of progress.”

House Homeland Security Chairman Michael McCaul has pledged to reintroduce a bill next year that would create a commission to tackle encryption issues.

Senate Intelligence Chairman Richard Burr, R-N.C., and outgoing ranking member Dianne Feinstein, D-Calif., floated legislation this year that would compel companies to help law enforcement investigators to gain access to encrypted information stored in their products. It’s not clear if they will introduce that bill in 2017.

President-elect Donald Trump urged a boycott against Apple during its standoff with the FBI, but has not spoken extensively about encryption since.