U.S. lawmakers are skeptical of an FBI request for Congress to mandate encryption workarounds in smartphones, with critics saying Wednesday that back doors would create new vulnerabilities that bad guys can exploit.
It's currently impossible for smartphone makers to build in back doors that allow law enforcement agencies access to encrypted communications but also keep out cybercriminals, witnesses and lawmakers said during a hearing before the IT subcommittee of the House of Representatives' Oversight and Government Reform Committee.
Law enforcement representatives called on lawmakers to find a way to allow access to encrypted data as a way to prevent serious crime. Late last year, FBI Director James Comey called for a public debate on encryption after Apple and Google announced they would offer new encryption tools on their smartphone OSes.
But most lawmakers questioned the need for encryption workarounds. Building in back doors for encryption on smartphones would be "technologically stupid," said Representative Ted Lieu, a California Democrat with a background in computer science. Apple and Google have responded to public demand for encryption because of an "out-of-control surveillance state," he added.
With all kinds of unencrypted digital information and tracking technologies available to law enforcement agencies, police are living in a "golden age of surveillance," added Representative Jason Chaffetz, a Utah Republican and committee chairman. "We're certainly not going to go dark, and in some ways, we've never been brighter."
Congress needs to find the right balance between privacy and national security, but building back doors in encryption would be similar to "drilling a hole in a windshield," Chaffetz said. If Apple can figure out how to circumvent smartphone users' encryption, "so can the nefarious folks in a van down by the river," he said.
The FBI doesn't need to hold the keys to encrypted information on smartphones, but policymakers and the technology industry need to figure out a way to allow law enforcement access to criminals' devices when a judge issues a warrant, said Amy Hess, executive assistant director at the FBI's Science and Technology Branch. Tech companies should implement encryption workarounds in the product "design phase," she said.
When criminals are storing information on encrypted devices, the process of obtaining search warrants may be "an exercise in futility," Hess said. The FBI believes that "no one in this country should be beyond the law," she added. "The notion that a suspected criminal's closet could never be opened, or his phone could never be unlocked, even with properly obtained legal authority, is troubling."
Police have used information on smartphones to investigate many crimes, including child pornography and human trafficking, added Daniel Conley, district attorney in Boston. He called on Congress to require smartphone makers to allow law enforcement access to encrypted data and on technology companies to come up with new ways to allow law enforcement access to data.
Sign up for CIO Asia eNewsletters.