The terrorist attacks in France are resurrecting a push, once thought dead, for legislation guaranteeing government access to encrypted data.
In recent days, government officials have said the Islamic State terrorists may have used encrypted communications channels to plan the deadly strikes in Paris that killed over 100 people and wounded hundreds more.
Although largely unconfirmed, the reports have given purchase on Capitol Hill to what had become an unpopular argument: Government investigators need a way to crack anyone’s encryption during criminal investigations.
“It’s a wake-up call for America and for our global partners, that globally we need to begin the debate on what we do on encrypted networks because it makes us blind to the communications and to the actions of potential adversaries,” Senate Intelligence Committee Chairman Richard BurrRichard Mauze BurrNC Republican primary key test of Trump's sway The 19 GOP senators who voted for the T infrastructure bill Senate votes to end debate on T infrastructure bill MORE (R-N.C.) said Tuesday after a committee briefing on the Paris attacks.
Some lawmakers have used the incident to resurrect a dormant call for legislation that could guarantee federal investigators access to locked data at major tech and Internet companies.
“In the Senate Armed Services we're going to have hearings on it and we're going to have legislation,” Sen. John McCainJohn Sidney McCain20 years after 9/11, US foreign policy still struggles for balance What the chaos in Afghanistan can remind us about the importance of protecting democracy at home 'The View' plans series of conservative women as temporary McCain replacements MORE (R-Ariz.), who chairs the committee, told reporters Tuesday, calling the status quo “unacceptable.”
While tech companies and privacy experts say that strong encryption is necessary to protect consumer privacy — especially after the revelations about National Security Agency surveillance from Edward Snowden — law enforcement officials and some lawmakers say the secrecy is a risk to national security.
“The French clearly in this instance had no understanding that this was going to happen,” New York City police commissioner William Bratton said on CBS’s “Face the Nation” Sunday, blaming encryption. “And we're seeing the ramifications of that.”
For months, privacy advocates had been steadily gaining ground in their fight for universal, unbreakable encryption. They repeatedly argued that any permanent entry point built into encryption exposes all locked data to hackers, weakening global online privacy.
After a year of this pressure from technologists, major Silicon Valley players and digital rights groups, the Obama administration in October publicly declared it would no longer seek a legislative solution that would require companies to decrypt data for law enforcement.
Even supporters of guaranteed access — both on Capitol Hill and in the administration — acknowledged earlier this year that the encryption debate had become too charged for legislation to pass.
“The legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail published by The Washington Post.
But, Litt noted, “It could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
Friday’s terrorist attacks in Paris may be that moment.
"It's causing a lot more attention in Congress,” McCain said.
Momentum in the debate appears to have swung back toward law enforcement, with lawmakers on both sides of the aisle raising the alarm about encrypted technology on Tuesday.
Senate Minority Whip Dick DurbinDick DurbinDemocrats hope Biden can flip Manchin and Sinema US gymnasts offer scathing assessment of FBI The Hill's 12:30 Report - Presented by Facebook - Simone Biles, gymnastics stars slam FBI during Nassar testimony MORE (D-Ill.), the second ranking Democrat, told reporters, “I’m open” to law enforcement’s argument “that the new encryption standards make it more difficult for them to do their work.”
“I want to know what we can do to give them access,” added Durbin, who has sided with privacy advocates before on certain cybersecurity-related topics.
McCain was more direct when asked if he would require tech companies to build a portal into their encryption for government officials.
“Yeah, I would,” he said.
But exactly how McCain and his allies might accomplish this is unclear.
Despite the unexpected light the Paris attacks have shed on the encryption debate, many congressional leaders were unwilling to commit to any specific course of action.
Burr and Sen. Dianne FeinsteinDianne Emiel FeinsteinWarren, Daines introduce bill honoring 13 killed in Kabul attack Democrat rips Justice for not appearing at US gymnastics hearing Former California senator prods Feinstein to consider retirement MORE (D-Calif.), the Intelligence Committee’s ranking member, told reporters they were launching an investigation into the issue.
“The chairman and I will consult other members of our committee will consult and hopefully we will be able to come forward with some proposals that make some good sense,” said Feinstein, adding when pressed on what those proposals might look like, “I don’t think it makes sense to speculate.”
Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonGOP senator: Buying Treasury bonds 'foolish' amid standoff over debt ceiling, taxes Internal poll shows Barnes with 29-point lead in Wisconsin Democratic Senate primary Wisconsin Democratic Senate candidate facing 4 felony charges MORE (R-Wis.) struck a similar tone.
“I’m not sure there's a legislative solution because if we do this with U.S.-based companies, there are going to be other companies around the world that do it,” he told The Hill. “Technology is just going to continue to move forward and it’s going to be a vexing problem.
The complexity of writing a congressional proposal has intensified the pressure on Silicon Valley to voluntarily work with the government on the issue.
“Let me just tell you something, there are things that are more important than the profitability of a private company,” Durbin said. “I think security of the United States is.”
Meanwhile, privacy advocates and their Capitol Hill allies have stood firm.
Encryption is simply a matter of life on the modern Internet, they maintain, and no government action is going to change that.
“It is impossible to use the Internet in 2015 and not use encryption,” tweeted Christopher Soghoian, principal technologist for the American Civil Liberties Union (ACLU). “Terrorists are using encryption = terrorists are using the Internet.”
It’s also far from clear the type of guaranteed access law enforcement is calling for would have allowed officials to actually intercept messages in the lead-up to the Paris attacks.
"It's important to be careful about some of these knee-jerk approaches that don't give you more security and put at risk your liberty,” Sen. Ron WydenRonald (Ron) Lee WydenHouse panel advances key portion of Democrats' .5T bill Advocates call on top Democrats for 0B in housing investments Lobbying world MORE (D-Ore.), a leading digital privacy advocate on Capitol Hill, told reporters Tuesday. "Too often in the past the Congress… comes up with policies that do not do either and that make no sense."
Security experts note that terrorist groups have long developed their own encryption tools that were outside the reach of government rules.
"Requiring companies to weaken their technology when terrorists can fairly easily obtain advanced encryption technology products around the world, doesn't make much sense to me,” added Wyden, who has aggressively pressed law enforcement officials on the matter across a number of congressional hearings.
The contentious back-and-forth is creating uncertainty about how Congress will handle encryption standards.
“I wouldn’t dare even remotely let you believe that we’re on a legislative route,” Burr said. “We’re on an exploratory route trying to figure out what options we have.”
Jordain Carney and Julian Hattem contributed.