New push to break deadlock over encrypted phones

New push to break deadlock over encrypted phones
© iStock

The debate around encryption is poised to heat up in Washington.

Administration officials and lawmakers are taking another crack at resolving the “going dark” problem and finding a way to give law enforcement access to encrypted communications in criminal investigations.

The Trump administration is said to be meeting with security researchers on the potential for a technical fix that would allow law enforcement access in some cases to encrypted devices.

ADVERTISEMENT

Officials are also mulling whether to ask Congress for legislation that would require tech companies to build such tools — which critics call “back doors” — into their devices, according to The New York Times.

Separately, Senate Judiciary Committee staffers have been engaging with technology industry representatives on the issue of encryption in recent weeks, sources say, an early sign that new legislation could be forthcoming.

The issue has long been a source of tension between law enforcement and the tech community, culminating in a public tug of war between the FBI and Apple in 2016 over access to an iPhone belonging to one of the San Bernardino terror attack suspects. At the time, President TrumpDonald John TrumpLondon terror suspect’s children told authorities he complained about Trump: inquiry The Memo: Tide turns on Kavanaugh Trump to nominate retiring lawmaker as head of trade agency MORE, then a candidate, sided with the FBI.

Apple fought an order to help provide access to the device, and the FBI eventually paid a third-party firm $900,000 to hack into the phone.

The issue has re-emerged in recent months, as Justice Department and FBI officials have stepped up their public rhetoric about the challenge posed by encryption. They often emphasize that the bureau was unable to access thousands of devices last year despite having court orders.

“Being unable to access nearly 7,800 devices is a major public safety issue,” FBI Director Christopher Wray said during remarks at Boston College on March 7.

The officials' public appeals are attracting attention in the Senate, where staffers of Sens. Chuck GrassleyCharles (Chuck) Ernest GrassleyDem: 'Bulls---' to say GOP doing everything to contact Kavanaugh accuser Grassley wants unredacted version of letter from Kavanaugh's accuser Attorney for Kavanaugh accuser criticizes Senate panel's ‘rush to a hearing’ MORE (R-Iowa) and Dianne FeinsteinDianne Emiel FeinsteinThe Memo: Tide turns on Kavanaugh Grassley wants unredacted version of letter from Kavanaugh's accuser Gillibrand: Kavanaugh accuser shouldn't participate in 'sham' hearing MORE (D-Calif.), the leaders of the Senate Judiciary Committee, have begun meeting with tech lobbyists and others on the issue of encryption, sources say.

According to CyberScoop, which first reported on the discussions Tuesday, there have also been internal discussions about potential encryption legislation at various federal departments, including Justice, Commerce, Homeland Security, and the National Security Agency. 

Sources with knowledge of the recent Senate discussions say the efforts are in the very early stages, and there is no clear picture of what legislation would look like. A spokeswoman for Feinstein referred The Hill to Grassley’s office. His spokesman declined to confirm the discussions.

Manhattan District Attorney Cyrus Vance, who has advocated for legislation that would force tech companies to make their devices accessible to law enforcement agencies pursuant to a warrant, also recently met with Senate staffers on encryption, the Feinstein spokeswoman confirmed. Vance’s office declined to comment on Friday.

It was Feinstein who, in 2016, spearheaded a push with Senate Intelligence Committee Chairman Richard BurrRichard Mauze BurrTrump assures storm victims in Carolinas: 'We will be there 100 percent' Overnight Energy: Trump rolls back methane pollution rule | EPA watchdog to step down | China puts tariffs on US gas Graham: Mueller is going to be allowed to finish investigation MORE (R-N.C.) for legislation that would have required tech companies to comply with court orders to decrypt customer data sought by law enforcement.

The proposal would have required that tech companies “provide such information or data to such government in an intelligible format” or “provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order.”

The proposal was met with immediate backlash from the tech community and was never formally introduced after the Obama administration declined to support it.

Feinstein signaled last year that she might be open to reviving a version of the bill.

“The concern I have is that once people had been killed in a terrorist attack and that there may be other DNA, there may be other messages that lead an investigative agency to believe that there are others out there," Feinstein said during a May 3 hearing.

She added that "for the protection of the public ... one would want to be able to see if a device could be opened.”

Revisiting that legislation would likely be met with opposition from privacy advocates, cybersecurity experts and others who say a technical solution that would allow law enforcement to unlock encrypted devices would undermine security.

“By mandating that every device and every software application build in a backdoor for government, there is no way to ensure that bad actors wouldn’t also gain access to that mechanism,” said Sharon Bradford Franklin, the Open Technology Institute’s director of surveillance and cybersecurity policy.

It also remains unclear there would be an appetite for such legislation the House.

A joint report issued by the House Judiciary and Energy and Commerce committees in late 2016 concluded, “Congress should not weaken [encryption] because doing so works against the national interest.”

But officials aren't ready to rule out a technical solution to the problem that preserves data security.

Wray, who insists that the FBI is not looking for a “back door,” suggested in January that devices could be designed to “both provide data security and permit lawful access with a court order.” 

“We need to work together —the government and the technology sector — to find a way forward, quickly,” Wray stressed.

According to the Times, Justice Department officials believe that such a technical solution exists based on recent discussions with security researchers. The Times also reported that the White House circulated a memo in February to several agencies detailing ways to find a potential solution to the “going dark” issue.

Any discussions on legislation will likely be influenced by the recent Justice Department inspector general report that found the FBI didn’t exhaust all avenues before seeking a court order to unlock the San Bernardino phone in 2016 because of communication failures.

Critics have seized on the report as evidence the FBI was more interested in establishing a legal precedent allowing them to force companies to bypass encryption than in unlocking the device by other means.

“Cybersecurity experts have repeatedly warned that encryption backdoors will have catastrophic effects on cybersecurity and make it much easier for hackers to gain access to Americans’ sensitive data,” Sen. Ron WydenRonald (Ron) Lee WydenWyden says foreign hackers targeted personal accounts of senators, staffers Some employees' personal data revealed in State Department email breach: report Hillicon Valley: North Korean IT firm hit with sanctions | Zuckerberg says Facebook better prepared for midterms | Big win for privacy advocates in Europe | Bezos launches B fund to help children, homeless MORE (D-Ore.) said in a statement last month. 

“I will fight every effort to force American technology companies to circumvent their encryption or install surveillance backdoors into their products.” 

Katie Bo Williams contributed.