Credit: Perspecsys Photos / Flickr
Breaking encryption technology used by terrorists and criminals poses a frustrating dilemma for intelligence agencies and, most recently, congressional lawmakers.
Bipartisan legislation to create a commission to study U.S. encryption policies and practices is still weeks away from being introduced as discussions continue, congressional aides familiar with the plan told Computerworld.
The commission approach, backed by Sen. Mark Warner (D-Va.) and House Homeland Security Committee Chairman Michael McCaul, (R-Texas) is intended to bring experts together to dive into the differing points of view, where tech companies want to protect privacy with encryption, while the FBI and other law enforcement agencies want to prevent acts of terrorism and crime by monitoring encrypted communications.
Meanwhile, Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and Sen. Dianne Feinstein (D-Calif.) are working on a separate bill that would guarantee law enforcement access to encrypted data, aides said Thursday. The terror attacks in Paris and San Bernardino, Calif., have ignited the debate in Congress over encryption.
The Burr-Feinstein approach is seen as taking a harder line on breaking encryption tech, although policymakers appear to have moved away from language calling for mandating a "back door" to break encrypted apps and communications.
The McCaul-Warner commission approach, meanwhile, is not intended to delay, deflect or bury the planned Burr-Feinstein bill, as some critics have claimed, aides working on the commission legislation contended. Whatever work the commission eventually recommends is expected to have an impact for decades to come, so a deliberate approach is needed, they added.
Both McCaul and Warner and their aides have repeatedly said there's "no silver bullet" legislative approach for solving the encryption dilemma. The lawmakers have pointed out that any U.S. law would only apply to U.S. companies, while many encryption apps and technologies are designed by companies outside the U.S. For example, some terrorists in the Paris attacks used Telegram, a messaging app with end-to-end encryption, was built by a Belgian-based company.
In addition, tech companies have argued that third-party access to decryption keys or other means of breaking encryption could only create a hole for criminals and terrorists to sneak through.
Recent reaction by other policymakers
The debate over encryption policy in Washington was addressed by two other top officials speaking before think tanks in recent days.
On Thursday, Senate Homeland Security Chairman Ron Johnson (R-Wis.), said that legislating encryption standards might "do more harm than good" in the fight against terrorism, according to The Hill website.
"Is it really going to solve any problems if we force our companies do something here in the U.S.?" he asked at a presentation at the American Enterprise Institute, a conservative think tank. "It's just going to move offshore."
Sign up for CIO Asia eNewsletters.