Congress May Lack Consensus to Force “Backdoors” Into Encrypted Devices

by Tim Sloane 0

This article in USA Today discusses comments made by Representative Adam Schiff indicating that he doesn’t think a legislative solution is feasible or desirable and that a consensus in Congress has not been reached:

“WASHINGTON — Congress is unlikely to pass legislation to force U.S. tech companies to build “backdoors” into encrypted devices to allow the government to gather information on suspected terrorists, the senior Democrat on the House Intelligence Committee said Tuesday.

“I don’t think a legislative solution at this point is feasible or even desirable,” Rep.Adam Schiff, D-Calif., told reporters at a breakfast hosted by the Christian Science Monitor.

Schiff said he would prefer that lawmakers work with the tech industry to try to come up with solutions. He said it makes little sense to force American companies to let the government break the encryption that keeps their customers’ data private when terrorists and criminals can just turn to products made by foreign companies.

“I think the encryption issue is really a global challenge,” he said.

Congress is struggling with how to handle the complex issue in the wake of last November’s attacks in Paris, where investigators believe that some of the terrorists used encrypted phone apps to communicate via the “Dark Web.”

Senate Intelligence Committee Chairman Richard Burr, R-N.C., and Vice Chair Dianne Feinstein, D-Calif., have indicated that they will introduce legislation that would require tech companies to provide a backdoor into encrypted communication when law enforcement officials obtain a court order to investigate a specific person.

Companies such as Apple and Google — responding to consumer demands for privacy — have developed smart phones and other devices with encryption that is so strong that even the companies can’t break it. Silicon Valley opposes any effort by Congress to mandate backdoors into encryption, warning that it would have the unintended result of making Americans more vulnerable to hackers and identity thieves.

‘I think that’s going to be very tough to move forward with,’ Schiff said of the proposed Senate bill. ‘At present, we really lack a consensus (in Congress).’ ”

Since it is slowly being recognized that a backdoor approach cripples security and puts US economic interests at risk, Congress is scrambling to investigate new approaches:

“House Homeland Security Committee Chairman Michael McCaul, R-Texas, and Sen. Mark Warner, D-Va., are offering an alternative bill that would create a commission made up of tech industry executives, law enforcement and intelligence officials, college professors and other experts to try to come up with recommendations.

“I think a commission is fine, but it may be a bit redundant,” Schiff said.

Schiff and House Intelligence Committee Chairman Devin Nunes, R-Calif., have already asked the National Academy of Sciences to issue a report on whether it is technologically possible to come up with ways for law enforcement and intelligence agencies to conduct legitimate investigations without sacrificing privacy or opening the door to hackers.”

It should be pointed out that encoding a message to secure its communication between participants is public information and extremely easy to implement, no large corporation or mathematics background is required.

Bruce Schneier, who I had the pleasure of working with several years ago, published one such encoding process in the novel Cryptonomicon by Neal Stephenson. This novel has a detailed description of how to encrypt messages using a deck of cards that is “secure even against the most well-funded military adversaries with the biggest computers and the smartest cryptanalysts.” I’m a terrible programmer but have high confidence that I could program this algorithm to work on my email messages.

The encryption genie is out of the bottle and can’t be put back no matter what Congress legislates. Motivated criminals can easily find an encryption technique that will protect their messages from government agencies. But recent history has clearly shown that other countries will stop using US software and hardware if they even suspect it has a backdoor; which will definitely hurt our economy.


Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Read the full story here