The government is in a bind – it wants to stop criminals and terrorists, but it also wants to support strong encryption. Navigating this quandary has been a problem for a while, and it is entering a new phase. Specifically, the government appears to be shifting its focus from compulsion to persuasion. Instead of crafting legislation that would require compliance from tech companies, the government is trying to convince them to cooperate voluntarily. Last Thursday, FBI Director James Comey described current efforts to work with tech companies on this issue as being “very productive,” and emphasized the need for constructive dialogue. He also made a point of highlighting how law enforcement and industry are finding common ground based on similar values and respect for civil liberties.
One of the FBI’s main arguments for wanting mandatory access to encrypted data took a blow during the hearing. When questioned by Senate Homeland Security Chairman Ron Johnson about the number of suspected terrorists who moved to encrypted communications systems to avoid FBI observation, Comey said that the best number he could give publicly was dozens. The FBI has used the fear of terrorist attacks as one of the main driving forces in its campaign for greater access to encrypted communications. Johnson expressed surprise at such a low number of cases.
Although the government appears to be taking a less heavy-handed approach to encryption, the core problem remains unaddressed. Even if tech companies voluntarily work with the government, that could still lead to the creation of the kinds of vulnerabilities that cybersecurity specialists and privacy advocates are so worried about. However, the topic of encryption is nuanced and the details of the debate can become extremely technical. As a result, the active participation of industry in trying to solve the problem could help in the search for a palatable way forward.
On Monday, the Cipher Brief brought you several perspectives on the issues raised by the prospect of growing access to strong encryption. Our experts provided potential solutions, ranging from an increased focus on traditional police work, to splitting encryption keys between major stakeholders to provide oversight. Robert Knake, the former director for cyber security at the National Security Council, suggested allowing law enforcement to get into the hacking game. All of our contributors agreed that the solution to the encryption problem would not be easy. For example, Knake acknowledged the downside of lawful hacking, but also noted “it may be better than the alternatives.” The final answer will likely end up being the best option from an array of unpleasant choices.
Today, our experts dive into this debate once again, and provide some insights into other potential resolutions. Former Secretary of Homeland Defense Michael Chertoff says that when a similar issue flared up in the 1990s, law enforcement was “still able to be quite successful with electronic surveillance.” And with the incredibly high volume of unencrypted information that people generate during their day-to-day lives, Chertoff describes our modern society as a “data rich environment” for law enforcement to exploit. It is up to law enforcement and industry to work together to find a way to navigate that environment in a way the preserves both physical and cyber-security.
Luke Penn-Hall is the Cyber and Technology Producer at The Cipher Brief.
