The Congressional Encryption Working Group released its year-end report that concluded that encryption backdoors do more harm than good. The 12-page report said that “any measure that weakens encryption works against the national interest.”
The bipartisan congressional panel recommended that the U.S. support strong encryption and that “Congress should foster cooperation between the law enforcement community and technology companies.”
The conclusions run contrary to those of the FBI, which in the past said it has favored encryption backdoors in tech products and services. The Encryption Working Group was formed in the wake of the FBI’s battle with Apple to access data on an iPhone belonging to terrorist Syed Farook.
Ed McAndrew, a former federal cybercrime prosecutor and partner at law firm Ballard Spahr, said that the conclusions of the committee are significant, however will have little impact on pending or future legislation.
“There is nothing legislative being proposed as an outgrowth of this report,” he said. “The major points of the report track what the various stakeholders have said. Backdoors are dangerous. Weaknesses in encryption can benefit the intended and unintended third-parties.”
In its report, members of the working group said that it is exceedingly difficult and impractical, if not impossible, to “to devise and implement a system that gives law enforcement exceptional access to encrypted data without also compromising security against hackers, industrial spies, and other malicious actors.”
The committee also concluded requiring “exceptional access to encrypted data would, by definition, prohibit some encryption design best practices, such as ‘forward secrecy,’ from being implemented.” Perfect Forward Secrecy is a technology that ensures communication sessions are secured by randomly generated ephemeral public keys. It is a strategy that prevents an attacker from later using a stolen private key to decrypt recorded encrypted sessions.
The committee identified areas of future discussion for the next Congress, such as how law enforcement agencies should navigate the process of accessing information from private companies. Other areas slated for discussion are examining options to improve law enforcement’s ability to leverage metadata and reviewing the circumstances, resources and legal framework necessary to help law enforcement agencies exploit existing flaws in digital products, according to the report.
Electronic Frontier Foundation staff attorney Andrew Crocker said he was glad the working group came out “strongly against weakening encryption.” However, he said upcoming areas of focus for the commission were of equal importance when it comes to national security. “The report points in the direction of other approaches to government access to data, some of which raise similarly serious concerns, especially so-called lawful hacking by the government,” wrote Crocker in a statement to Threatpost.
In the interim, encryption is going to continue to be a hotly debated topic, particularly with law enforcement investigations, McAndrew said. “What I’ll be watching for is whether the new administration and new Congress have any type of revised CALEA legislative proposals.” CALEA stand for Communications Assistance for Law Enforcement Act and is the statute that requires telecommunication companies and others to help law enforcement agencies with lawful intercept and wiretapping operations.
Some lawmakers, most notably Sen. Richard Burr of North Carolina and Sen. Tom Cotton of Arkansas, have strongly advocated for encryption backdoors in technology products.
Reuters has reported that Sen. Burr, who chairs the Intelligence Committee, will reintroduce encryption legislation compelling companies such as Apple to build “back doors” into devices and services. Sen. Burr believes there is new hope for his bill under the support of the Trump administration.
For his part, President-Elect Donald Trump, hasn’t publicly taken a position on encryption. However during the Apple-FBI debate he blasted Apple on the campaign trail for not cooperating with the FBI and called for a boycott of Apple products.
In its report the committee concluded, “There is no ‘us versus them,’ or ‘pro-encryption versus law enforcement.’ This conversation implicates everyone and everything that depends on connected technologies—including our law enforcement and intelligence communities. This is a complex challenge that will take time, patience, and cooperation to resolve.”