Johnson also said that encryption helps protect personal information, a position strongly backed by Apple CEO Tim Cook and other tech companies. Apple has been among the most vocal in defending its privacy policies with end-to-end encryption.
On Jan. 21, National Security Agency Director Adm. Michael Rogers told an audience that "encryption is foundational to the future." In remarks at the Atlantic Council, an international affairs think tank, Rogers said that spending time arguing that encryption is bad and should be done away with is a "waste of time." Rogers' comments are recorded in video at The Intercept.
Crypto experts weigh in
Professor Darren Hayes, director of cybersecurity at Pace University, said he supports the idea of a congressional commission to review encryption laws and policies.
"The whole idea of government access to communications is nothing new," Hayes said in an interview. "Every telecom company has to set up their infrastructure so that law enforcement can set up a wiretap" subject to a court order.
He also said that some type of legal step may be needed to gain greater access. "The vast majority of companies will never hand over data without any kind of warrant or subpoena. The idea that companies will help out law enforcement is not true at all."
Hayes has served as a forensics encryption specialist in more than two dozen criminal cases in the New York area since 2008 to help prosecutors bring cases against people accused of being pedophiles and other crimes who have resorted to hiding criminal activity with encrypted data.
Hayes is well aware that any U.S. law on encryption wouldn't apply to other countries, but said a broad-based discussion "is a good discussion to have …The list is growing of potential prosecutions held up by [not having] a full disclosure of encrypted data." In any event, he added, "I'm a big proponent that you have to have a warrant to gain access."
Two representatives for tech companies based in Silicon Valley said recently in interviews that they were open to the idea of creating a congressional commission, but would want to review the final legislation before signing on.
Conversely, Kevin Bocek, vice president of cybersecurity for Venafi, called the idea of creating an encryption commission "very concerning." Venafi works with 250 large banks and retailers in setting up encryption and authorization software to protect their data.
In an interview, Bocek said he is worried that creating the commission could turn into an entity that is powerful and ominous. "I don't understand how an encryption commission is going to deal with encryption already being widely used," he said. "It's counterproductive and more productive to talk about how to live in a world with encryption and how to safeguard national security."
Sign up for CIO Asia eNewsletters.