Following the deadly terrorist attacks in Paris earlier this month, prosecutors and police across the country joined forces this week in a renewed push for legislation guaranteeing access to encrypted communications.
“The proliferation of sophisticated encryption technology and other technological barriers have increasingly hindered law enforcement’s ability to lawfully access criminal and terrorist related communications,” the International Association of Chiefs of Police and the National District Attorneys Association said in statement this week.
“The inability of law enforcement to overcome these barriers (known as ‘going dark’ in the law enforcement community) has already led to numerous instances where investigators were unable to access information that could have allowed them to successfully investigate and apprehend criminals or prevent terrorists from striking.”
Since the attacks by the Islamic State in Paris less than two weeks ago, authorities across Europe and the U.S. have alleged the attackers used encrypted communications services to plan their simultaneous assaults, though evidence supporting their claims has yet to surface.
That hasn’t stopped intelligence leaders, law enforcement heads and defense hawks in Congress from renewing the debate, which was slowly receding from Capitol Hill after the Obama administration indicated a lack of support for so-called “back doors” into encryption products months ago.
Citing a report on the “Going Dark” problem compiled during a law enforcement summit earlier this year, police and prosecutors said it’s “clear that our laws have failed to keep pace with new technology and that urgent and immediate action needs to be taken.”
According to the groups, those actions should include updating the Communications Assistance for Law Enforcement Act, which mandates telecommunications companies facilitate wiretaps for law enforcement investigations, and the Electronic Communications Privacy Act, a law giving agencies access to U.S. companies’ business records — including emails — after they’re 180-days old.
Both laws, which date back more than 20 years, are outdated in reference to contemporary technology, according to lawmakers looking to expand the reach of the legislation, as well as the privacy advocates pushing to reduce their scope.
“Some are calling for the United States to weaken Americans’ cybersecurity by undermining strong encryption with backdoors for the government,” Oregon Democratic Sen. Ron Wyden wrote in a Medium post this week. “But security experts have shown again and again that weakening encryption will make it easier for foreign hackers, criminals and spies to break into Americans’ bank accounts, health records and phones, without preventing terrorists from “going dark.”
Wyden, a frequent surveillance critic on the Senate Intelligence Committee, repeated his endorsement for the Secure Data Act — a bill he introduced last year banning federally-mandated encryption back doors.
Though law enforcement and intelligence may have a tough time in Congress, where lawmakers on both sides of the aisle say back doors will undermine privacy, security and U.S. tech companies competitiveness abroad (where they’re already distrusted over complicity in mass National Security Agency surveillance programs), FBI Director James Comey says they’re making headway with the administration and companies themselves.
“My sense is the venom has been drained out of the conversation, that people understand that we are not some kind of maniacs who are ideologues against encryption,” Comey said during a press conference last week discussing U.S. counter-terror initiatives post-Paris. “We support encryption, but we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
The FBI director, who came out against encryption last fall after Apple announced end-to-end encryption that the company itself would be able to access, said groups like ISIS are increasingly relying on encryption, and that the technical barriers to access aren’t as prevalent as Silicon Valley publicly claims.
“What I have found out through the conversations is … I actually discovered that most people will privately say it’s not a technological problem,” Comey said. “There are plenty of companies whose business models allow them to comply with court orders and nobody thinks they’re fundamentally insecure. It’s about business models and how can a business model be adjusted to allow a company to comply with a court order in a way that’s consistent with their business needs.”
The only serious proposal the government has put forth came from NSA Director Mike Rogers earlier this spring, when the Navy admiral and career cryptologist suggested a “split key” for encrypted services, or multiple agencies retaining part of the key separately at all times.
“I don’t want a back door,” Rogers said during a speech at Princeton University. “I want a front door. And I want the front door to have multiple locks. Big locks.”
Digital privacy advocates claim such a system would significantly increase the complexity of encrypted systems, increasing the likelihood of leaving a flaw or vulnerability for hackers to exploit and intercept data. They also point out any such method would only apply to U.S. companies, and drive criminals and terrorist to adopt foreign encryption.
The end result, they argue, means weakened cybersecurity for Americans, decreased market share for U.S. tech companies and no benefit to law enforcement.
Others ideas floated to the administration included giving judges the power to order companies to set up “mirror accounts,” through which they could surveil the communications of targets in near-real time, and backing up a suspect’s phone to a company server while the device is on and unencrypted. Neither have gotten the White House’s endorsement.