Congress, Crypto and Craziness

A Congressional hearing on encryption and “frontdoors” produced a generous amount of the usual “crazy” from lawmakers and law enforcement.

Crazy is never in short supply in Washington. Through lean times and boom times, regardless of who is in the White House or which party controls the Congress, the one resource that’s reliably renewable is nuttery.

This is never more true than when that venerable and voluble body takes up a topic with some technical nuance to it. The appearance of words such as “Internet”, “computers” or “technology” in the title of a committee hearing strike fear into the hearts of all who use such things. This is the legislative body, after all, that counted among its members the late Sen. Ted Stevens, who so eloquently described the Internet as a “series of tubes.”

That existential dread of Congress’s technological ineptitude manifests tenfold when the topic at hand is encryption. Encryption is really, really hard for professionals. Folks who have spent their careers designing cryptographic algorithms and building cryptosystems describe it alternately as great and greatly frustrating. And Washington’s track record on this matter is, to put it politely, horrendous. A quick tube search for Clipper chip or key escrow will bring you all the evidence you need on this.

And so when a panel with the wonderfully Orwellian name of the House Committee on Oversight and Government Reform announced a hearing titled “Encryption Technology and Potential U.S. Policy Responses”, the expectations in the security and crypto communities were for plenty of crazy. And it delivered in spades, but perhaps not in the way observers had expected.

The legislators gathered on Wednesday afternoon to discuss the problems that default encryption schemes implemented by Apple and Google on their mobile devices would cause law enforcement in the investigation of crimes. Freely available encryption software is decades old now and the idea that encrypted devices are a challenge to police is hardly a new one, either. But the prevalence of smart phones with large storage capacity and full-disk encryption that can’t be easily defeated has brought the issue back to the fore in Washington and elsewhere. Specifically, in the office of Daniel Conley, the district attorney of Suffolk County in Massachusetts, which includes Boston. In his testimony, Conley sideswiped both Google and Apple for their monetization of the data they collect from users and then accused them of constructing a straw man called government intrusion to justify their decisions to implement strong encryption.

“Apple and Google are using an unreasonable, hypothetical narrative of government intrusion as the rationale for the new encryption software, ignoring altogether the facts as I’ve just explained them. And taking it to a dangerous extreme in these new operating systems, they’ve made legitimate evidence stored on handheld devices inaccessible to anyone, even with a warrant issued by an impartial judge,” Conley said.

“For over 200 years, American jurisprudence has refined the balancing test that weighs the individual’s rights against those of society, and with one fell swoop Apple and Google has upended it. They have created spaces not merely beyond the reach of law enforcement agencies, but beyond the reach of our courts and our laws, and therefore our society.”

The committee hearing was a response to the recent conversations in Washington circles about the need for backdoors in encryption technologies to enable lawful access by the FBI and other agencies. Cryptographers have said consistently that such systems simply don’t work, as they inevitably will allow access for attackers as well as law enforcement, never mind the huge technical challenges of implementing them. Matt Blaze, a professor at the University of Pennsylvania, testified during the hearing that implementing encryption backdoors is a fool’s errand.

“It can’t be done safely,” he said. “We just can’t do what the FBI is asking without seriously weakening our infrastructure.”

But that line of reasoning fell on deaf ears for some of the panelists. Later in his testimony, Conley said that what Apple and Google have done, by implementing encryption systems to which those companies do not hold decryption keys, has essentially given a gift to criminals.

“So when we talk about warrant-proof encryption, let’s be very clear about who will benefit from it: perpetrators of every violent, sexual, or financial crime in which handheld technology is used,” Conley said.

This, of course, is a convenient argument, and one that’s been used by opponents of encryption for decades. And, as most convenient arguments do, it ignores the existence of other facts. Like the fact that millions of non-criminals such as human rights activists, journalists, lawyers, students, congressmen and anyone else with a protected device also will enjoy the benefits of Apple’s and Google’s decisions. Or the fact that what these companies have done is a direct response to the revelations of the NSA’s surveillance activities that have come from Edward Snowden.

That contradiction did not get past Rep. Ted Lieu (D-Calif.), a man with computer science and law degrees and a clear grasp of the issue at hand.

“I take great offense to your testimony today,” Lieu said to Conley. “It’s a fundamental misunderstanding of the problem. Why do you think companies like Apple and Google are doing this? It’s not to make less money. It’s because the public is asking for it.

“This is a private sector response to government overreach. Let me make another statement, that somehow these technology companies aren’t credible because they collect private data. Here’s the difference: Apple and Google don’t have coercive powers. District attorneys do. The FBI does. The NSA does. And to me it’s very simple to draw the privacy balance when it comes to law enforcement privacy. Just follow the damn Constitution. And because the NSA and other law enforcement agencies didn’t do that, you’re seeing a vast public reaction to this. Because the NSA, your colleagues, have essentially violated the Fourth Amendment rights of every American citizen for years by seizing all of our phone records and collecting our Internet traffic, that now is spilling over into other aspects of law enforcement.”

Lieu is new to Congress but not to lawmaking and he was not swayed by arguments from Conley and Amy Hess, executive assistant director of the science and technology branch at the FBI, that encryption backdoors are necessary to protect innocent citizens in a dangerous world.

“I agree with law enforcement. We live in a dangerous world. And that’s why our founders put in the Constitution, that’s why they put in the Fourth Amendment, because they understand that an Orwellian, overreaching federal government is one of the most dangerous things this world can have,” Lieu said.

There is some sanity in Washington, after all.

Suggested articles

Discussion

  • John Jie on

    Congrats to Lieu. He's a breath of fresh air in D.C.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.