Backdoor for the good guys?
John Verdi, vice president of policy at the Future of Privacy Forum (FPF), was among hundreds of critics who said it couldn’t work. “Some have argued that firms like Apple can create backdoors that allow the good guys to access data, but prevent access by bad actors. Unfortunately, this isn't possible,” he said.
And John Bambenek, threat systems manager at Fidelis Cybersecurity, noted that most tech companies are global. If they are forced to provide a backdoor for US intelligence or law enforcement, it could then be used by, “less-friendly jurisdictions that may have their own motivations.”
While there have been reports since last fall that a revised version of Burr-Feinstein may be filed this year, the logistics of it are not clear, since Feinstein has moved to the Judiciary Committee.
“Burr-Feinstein will be reintroduced,” said Paul Rosenzweig, founder of Red Branch Consulting and a former deputy assistant secretary for policy at the Department of Homeland Security. “But with Feinstein at Judiciary now, the exact structure will be different.”
A report from another congressional group has received a warmer reception.
The Encryption Working Group of the House Judiciary Committee and the House Energy and Commerce Committee issued its annual report in December, which included the following “observations”:
- Any measure that weakens encryption works against the national interest.
- Encryption technology is a global technology that is widely and increasingly available around the world.
- The variety of stakeholders, technologies, and other factors create different and divergent challenges with respect to encryption and the "going dark" phenomenon, and therefore there is no one-size-fits-all solution to the encryption challenge.
- Congress should foster cooperation between the law enforcement community and technology companies.
Bambanek called the report “bang on,” especially with regard to weakening encryption, because to do so would, “work against the national interest.”
Of course, any legislation that results will depend in large measure on how the various stakeholders define “cooperation.”
There is also a bill in the works by Rep. Michael McCaul (R-Texas), who chairs the House Homeland Security Committee, and Sen. Mark Warner (D-Va.), that would create a 16-member "Encryption Commission" to report on how conflicts might be resolved. It would include tech industry executives, privacy advocates, cryptologists, law enforcement officials and members of the intelligence community.
But EFF opposes it, arguing that the “questions” the commission would address have already been answered.
They haven’t been answered to the satisfaction of all parties, of course. As Nojeim put it, “companies and law enforcement are trying to adapt to new technology, and there is no road map for how that should best be done.”
Establishing that road map will inevitably be contentious. Bruce Schneier, CTO of Resilient Systems and an encryption expert who blogs on the topic frequently, wrote in a post last month that, “there will be more government surveillance and more corporate surveillance. I expect legislative and judicial battles along several lines: a renewed call from the FBI for backdoors into encryption, more leeway for government hacking without a warrant, no controls on corporate surveillance, and more secret government demands for that corporate data.
Sign up for CIO Asia eNewsletters.