While the feud between Apple and the FBI attracts the media attention, Congress is where the real battle over encryption will be fought. And like past congressional forays into complex tech debates (see cybersecurity, online piracy and net neutrality), our elected officials have reliably shown their inability to grasp complex issues and consistently ignored constitutional protections in pursuit of knee-jerk fixes.
Back in 2008, former Rep. Rush Holt told the New York Times that of the 435 House members, “420 don’t know much about science and choose not to.” Not much has changed since. Among both chambers of Congress, less than 10 elected officials have a scientific background or degree.
Remember when Sen. Ted Stevens described the internet as “a series of tubes? Or when Sen. Chuck Schumer admitted he eschewed email? What about when Rep. Jason Chaffetz called to bring in the “nerds” to help him understand online piracy legislation? A hearty laugh was had by all.
Too bad these are the same people (well, not Ted Stevens) now deciding whether or not the government can compel a private company to help it break into its own devices. Not to mention the serious ramifications of that decision on the security and privacy of Americans who already feel under the microscope of excessive government surveillance.
Earlier this month, Sens. Richard Burr and Dianne Feinstein released a draft bill that would force companies to decrypt messages and unlock devices if ordered to do so by court order. Called the Compliance with Court Orders Act, the bill would require an “entity” that receives a court order from the government to hand over “information or data” in an “intelligible format.” It also includes a provision that the entity supply “such technical assistance as is necessary to obtain such information or data.” Riana Pfefferkorn at Just Security has produced a thorough breakdown of the bill and how it will not make Americans safer.
To many, the introduction of this bill by the top officials on the Senate Intelligence Committee demonstrates just how out of touch Congress is on these issues. “Many companies are looking at end-to-end encryption as part of their compliance obligations. So this bill would directly goes against what companies have been moving toward when it comes to data security,” said Kim Phan, an attorney with Ballard Spahr, a law firm specializing in data security.
Other analysts contend the Burr-Feinstein bill will have a detrimental effect on civil liberties. Writing for The Atlantic, Conor Friedersdorf, described the bill as a betrayal:
“A generation ago—after America’s spy agencies were exposed as perpetrators of massive civil-rights violations, abuses of power, and misdeeds abroad—oversight committees were created to protect liberal democracy from the national security state. Senators Dianne Feinstein and Richard Burr now sit on one of those committees. And they are not just shirking their core duty, they are aggressively undermining it.”
BORDC/DDF Board President Sascha Meinrath, writing with Sean Vitka in the Christian Science Monitor, was no less critical, noting that the “Burr-Feinstein antiencryption bill isn’t just bad, it’s evidence of a dangerous incompetence in congressional leadership that is undermining America’s security.” Meinrath and Vitka go on to argue that Burr and Feinstein should be relieved of their duties as leaders of the Intelligence Committee.
Encryption Study Groups
Fortunately, the response by other members of Congress to the tech issue du jour is less rash. In the House, a dozen representatives have formed a working group to “examine the complicated legal and policy issues surrounding encryption,” according to a press release. It will not hold any official hearings, but its members, which are bipartisan and include members of the Judiciary Committee, will meet with technology experts and government officials and propose recommendations that consider privacy and security concerns.
In a separate, competing effort, Rep. Michael McCaul, chairman of the House Homeland Security Committee, and Sen. Mark Warner (D-Va.), a member of the Senate’s Select Committee on Intelligence, have proposed similar bills in both chambers (S 2604 and HR 4651) that would create a national commission with experts in technology, law enforcement, intelligence, privacy, and global commerce to examine the encryption debate from all angles. The commission would be mandated to produce two reports annually, looking into how encryption is used, if current law or warrant procedures should change, the effects of encryption on law enforcement, and the costs of weakening encryption standards. There is support for the measure in both bodies; twenty-six House members support their chamber’s version, with eight on board in the Senate.
While neither approach is perfect, groups like the Electronic Frontier Foundation and the Open Technology Institute have expressed more opposition to the McCaul-Warner commission. Fears that the national commission would “give too much influence to law enforcement and intelligence interests while dragging up issues like mandated backdoors that the organizations believe are settled matters of law” have been expressed by several civil liberty advocates.
Years ago, the now-shuttered Office of Technology Assessment (OTA) employed a group of technology and science experts to educate Congress about emerging technologies. The OTA provided objective and authoritative analysis of complex scientific and technical issues, and drafted frameworks to help guide their implementation. During its 23 year existence, the OTA released more than 750 prescient studies ranging from robots in the workplace, to bioterrorism, to acid rain and climate change. The agency was shuttered by Newt Gingrich in the mid-1990s.
In the OTA’s absence, Congress is left to evaluate the impact of new technology without an independent and unbiased guide. This means it’s too early to know if either proposal will promote and respect security and privacy or will lead to the “backdoor” encryption mandate civil liberty advocates are fighting to avoid.