Days after the House of Representatives passed two cybersecurity bills designed to protect Americans from criminal data breaches, lawmakers heard arguments over surveillance "backdoors" that would allow the FBI and other government agencies access to encrypted data.
The FBI has recently criticized the strong level of encryption Google, Apple, and other tech companies use to protect user data. Last fall, FBI Director James B. Comey told an audience at the Brookings Institute, "We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so." On Wednesday, an Oversight and Government Reform subcommittee examined the FBI's requests for a mandate that would require some tech companies to build into their products backdoors that would facilitate surveillance by law enforcement.
Some in law enforcement insist robust data encryption can hinder criminal investigations and even pose a threat to national security.
During the Wednesday hearing, Daniel Conley, a Boston district attorney, said data encryption can place an "impenetrable barrier around evidence." In his testimony, he attacked Apple and Google for unintentionally providing a safe space in which criminals can operate.
"When corporate interests place crucial evidence beyond the legitimate reach of our courts, they are in fact granting those who rape, defraud, assault or even kill a profound legal advantage over victims in society," Conley said.
Rep. Ted Lieu, a California Democrat, disagreed. "Creating a pathway to decryption only for good guys is technologically stupid," he said.
Lieu took exception to Conley's argument, pointing out the threat to civil liberties allowing law enforcement backdoor access to private data presents. "Apple and Google don't have coercive power, district attorneys do, the FBI does, the [National Security Agency] does," he said. "And to me its very simple to draw the privacy balance when it comes to law enforcement and privacy: Just follow the damn Constitution."
This focus on a citizen's reasonable right to privacy and apprehension toward mandated backdoors was a bipartisan concern. Texas Republican and Subcommittee Chairman William Hurd said, "As a former CIA officer, I understand and appreciate the need and desire for law enforcement to access digital information in a timely manner. However, I also understand the protections afforded to Americans provided by the Constitution."
Amy Hess, the FBI's executive assistant director for the science and technology branch, defended the use of backdoors for criminal investigations, but noted that they must be implemented thoughtfully and securely.
"What we are asking for is not to lower [encryption] standards by developing some type of lawful intercept or lawful access capability," Hess told the committee. "But rather to come up with way that we may be able to implement, perhaps, multiple keys or some other way to be able to securely access the information or be provided with the information."
When asked by Committee Chairman Jason Chaffetz, R-Utah, Hess did not specify whether the Justice Department considers geolocation data content or metadata, which informs the constitutionality of data searches. She declined also to state in public the circumstances necessary for federal law enforcement to collect location data without a warrant, distinctions that animate unresolved constitutional questions of government power and surveillance technology.
Three tech and policy experts argued that backdoors necessarily introduce security vulnerabilities. Mathew Blaze, professor of computer and information science at the University of Pennsylvania, said mandated backdoors are technically challenging and can enable exploits by bad actors. Jon Potter, president of the Application Developers Alliance, argued that backdoors invite foreign powers to develop their own workarounds and stifle business opportunities for American companies abroad. And Kevin Bankston, policy director of New America's Open Technology Institute, suggested that mandated backdoors won't do much to decrease threats to public safety.
"The ultimate question isn't what will make law enforcement's job easier in some investigations," Bankston said. "The ultimate question is what will prevent more crime."
Though Hess and Conley framed the need for backdoors as a grand, law-and-order tension between privacy and security, personal liberty, and national security, the other three witnesses argued that encryption is a useful tool — for government agencies and for the rest of society.
The bipartisan committee members' skepticism toward calls for surveillance backdoors echoes earlier efforts by Congress to halt similar measures, like February's Secure Data Act. Increasing the use of encryption and urging American companies to do so was one of the official recommendations offered by President Obama's Review Group, a panel tasked with evaluating the NSA's surveillance programs in the wake of Edward Snowden's disclosures in 2013. During Wednesday's hearing, it was clear the committee had taken that recommendation to heart.
Said Chaffetz, "Do we allow the 99% of Americans who are good, honest, decent, hardworking, patriotic people to have encrypted phones, or do we need to leave a backdoor open and create vulnerability for all of them?"