McCain pushes for encryption legislation in fight against ISIS

McCain pushes for encryption legislation in fight against ISIS

Sen. John McCainJohn McCainRepublicans give Trump's budget the cold shoulder Overnight Defense: Trump budget gets thumbs down from hawks | UK raises threat level after Manchester attack | Paul to force vote on 0B Saudi arms deal Five takeaways from a busy day of Russia hearings MORE (R-Ariz.) is calling for legislation that would require tech firms to build their products in such a way that they can crack open encrypted content in response to legal requests from authorities.

"By taking advantage of widely available encryption technologies, terrorists and common criminals alike can carry out their agendas in cyber safe havens beyond the reach of our intelligence agency tools and law enforcement capabilities. This is unacceptable," the Senate Armed Services chairman writes in a Bloomberg op-ed.

McCain’s proposal would not dictate “what those systems should look like.” Instead, it would require “technological alternatives” to end-to-end encryption, which prevents even the manufacturer from accessing communications.

“This would allow companies to retain flexibility to design their technologies to meet both their business needs and our national security interests,” McCain said. 

The proposal comes with lawmakers increasingly divided on the need for legislation to address encryption technology.

The top two members of the House Intelligence Committee said last week that they have not made any decisions about endorsing a bill regulating encryption standards.

“I don’t think we’re any closer to a consensus on that than we were, I think, six months ago,” Rep. Adam SchiffAdam SchiffHouse Intel panel likely to also subpoena Flynn businesses, Dem says Ex-CIA head: Intel showed contacts between Russians and Trump team Trump asked intel chiefs to speak out against FBI's Russia probe: report MORE, the committee’s top Democrat, said at a Christian Science Monitor breakfast. “Or if there is a consensus, it is that a legislative solution, I think, is very unlikely.”

Following the deadly terrorist attacks on San Bernardino, Calif. and Paris, fears that terrorists were using encryption technology to plan attacks beyond the reach of U.S. surveillance sparked a number of lawmakers to call for new legislation.

Senate Intelligence Committee Chairman Richard BurrRichard BurrFive takeaways from a busy day of Russia hearings Rubio: 'All options should be on table' if Flynn refuses new subpoenas Senate Intel panel issues subpoenas to Flynn businesses MORE (R-N.C.) is working on a bill with his committee’s ranking member, Sen. Dianne FeinsteinDianne FeinsteinFlynn refusal sets up potential subpoena showdown No. 2 Senate Republican downplays holding contempt vote on Flynn Congress urges Trump administration to release public transit funding MORE (D-Calif.), that would force companies to decrypt data under court order.

But tech companies and cryptologists have pushed back, arguing that providing any guaranteed access to law enforcement opens up the day-to-day functions of the Internet — like banking — to hackers.

“There have been people that suggest that we should have a backdoor. But the reality is if you put a backdoor in, that backdoor's for everybody, for good guys and bad guys,” Apple CEO Tim Cook said in a December interview with “60 Minutes.”

Last fall, Apple rejected a court order to turn over communications sent using its iMessage feature, citing its encryption system.

McCain alluded to those concerns, but insisted “this is not the end of the analysis.”

“We recognize there may be risks to requiring such access, but we know there are risks to doing nothing,” McCain writes.

He compared his proposal to wiretap laws enacted in the 1990s that required telecommunications providers to “enable law enforcement officials to conduct electronic surveillance pursuant to court order,” but did not dictate the technology’s design.

Some lawmakers have taken a more measured approach. House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Sen. Mark WarnerMark WarnerFive takeaways from a busy day of Russia hearings Senate Intel panel issues subpoenas to Flynn businesses Overnight Cybersecurity: Flynn refuses to comply with Senate subpoena | Chaffetz postpones hearing with Comey | Small biz cyber bill would cost M | New worm spotted after 'Wanna Cry' MORE (D-Va.) — worry that a bill like Burr’s and Feinstein’s offering would weaken encryption.

They’re pushing legislation that would establish a national committee to study the topic first, then present potential suggestions to Congress about how police could get at encrypted data without endangering Americans’ privacy or security.

McCain echoed FBI Director James Comey, who in recent months has sought to recast the question of how to provide access to encrypted data as a business challenge, not a technological one.

“We have to encourage companies and individuals who rely on encryption to recognize that our security is threatened, not encouraged, by technologies that place vital information outside the reach of law enforcement,” McCain wrote.

“Developing technologies that aid terrorists like Islamic State [in Iraq and Syria] is not only harmful to our security, but it is ultimately an unwise business model.”