Lawmaker Tasks DHS With Finding a ‘Balance’ on Encryption


There’s a middle ground between personal privacy and effective law enforcement, Homeland Security Chairman Michael McCaul says.

One lawmaker wants the Homeland Security Department to take up the torch in the government’s efforts to find solutions to the longstanding debate over encryption on personal devices.

In October, House Homeland Security Committee Chairman Michael McCaul, R-Texas, asked then-acting DHS Secretary Elaine Duke to convene a group of experts to better understand how encryption affects federal, state and local law enforcement investigations. The agency could use the information to help those groups work together with the tech industry on obstacles presented by encryption, he said.

“Many have cast this issue in stark terms that promote a false choice between effective law enforcement and strong privacy protections,” McCaul wrote in a letter released publicly on Tuesday. “I am convinced there can be a balance of these interests.”

The federal debate on encryption has reared its head sporadically since the standoff between the FBI and Apple over encrypted cell phone used by San Bernardino shooter Syed Farook. The FBI wanted Apple to help it bypass an automatic wiping function that would have prevented police from examining information stored in the phone. Apple argued undermining protections for that one phone would damage security for all iPhone users.

A bipartisan report by two House committees determined that laws weakening encryption would do little to curb crime and terrorism, but lawmakers like McCaul and Sen. Mark Warner, D-Va., have sought out alternatives that would protect citizens’ privacy without impeding law enforcement.

Some middle-ground strategies include:

  • Gleaning information from metadata—which is typically unencrypted—about how, when and where a message was sent, rather than its contents.
  • Improving collaboration between tech companies and federal, state and local law enforcement, so investigators have a better understanding of the scope and breadth of unencrypted data they can obtain with a warrant.
  • Exploring ways police can legally hack into criminals’ information by exploiting computer vulnerabilities—such as software the criminals haven’t updated—without relying on tech firms’ cooperation.

In early 2016, McCaul and Warner introduced a bill to create a Digital Security Commission to find middle-of-the-road solutions for encryption, but the proposal never got off the ground.

Given the agency’s existing relationships with law enforcement groups across the country, McCaul said Homeland Security is well positioned to tackle the encryption issues that often impede criminal investigations. State and local law enforcement agencies in particular will benefit from the collaboration efforts, he said, because unlike federal groups, they often lack the resources, technology and training to deal with encrypted data.

“I am confident that in order to strike a balance between effective law enforcement and strong privacy protections, DHS must play an integral role by collaborating with both the public and private sectors,” McCaul wrote.

He requested that DHS report its findings to the House Homeland Security Committee within 180 days.