with Tonya Riley


Lawmakers are giving big tech firms an ultimatum: Give police access to encrypted communications or we'll force you. 

That warning, delivered by senator after senator during a Senate Judiciary Committee hearing yesterday, reflects the fierce anti-encryption mood now reigning on Capitol Hill -- and how the Justice Department's warnings that the digital protection allows child sex traffickers and other criminals to act with impunity seem to be moving the needle.

“It ain’t complicated for me. You’re going to find a way to do this or we’re going to do it for you,” committee chairman Lindsey Graham (R-S.C.) told representatives from Facebook and Apple. “We’re not going to live in a world where a bunch of child abusers can have a safe haven to practice their craft. Period. End of discussion.”

Graham added, “You’re either the solution or you’re the problem.”

Similar warnings came from the committee’s top Democrat, Dianne Feinstein (Calif.), and Republican Sens. Joni Ernst (Iowa), John Cornyn (Texas) and Marsha Blackburn (Tenn.), who charged the companies are “creating a sanctuary” for criminals. “You all have got to get your act together or we will gladly get your act together for you,” Blackburn said.

The lawmakers’ with-us-or-against-us approach marks a huge about-face from a few years ago, when Congress seemed more split on whether advanced encryption provided a dangerous haven for criminals or a vital protection for all Americans.

Back in 2016, even Graham warned the Obama Justice Department against trying to legally force Apple to help break into an encrypted iPhone used by San Bernardino shooter Syed Farook, saying the precedent could backfire and damage national security. 

“I’m a person who’s been moved by the arguments [about] the damage we may be doing to our national security,” Graham told then-Attorney General Loretta Lynch. Graham’s office didn’t respond to a query asking for details about his shifting position. 

The hearing's comments make it more likely the Justice Department will double down on its pivot to focus on the dangers of child sexual exploitation and trafficking, rather than how terrorists could use encrypted communications to plan operations. 

Tech companies, meanwhile, are calling lawmakers’ bluff and arguing there’s no technical way to give police access to encryption without letting criminals in, too -- and making their users significantly more vulnerable. 

As the hearing began, Facebook released a letter refusing a request from Attorney General William P. Barr to delay expanding encryption across its messaging services, as my colleague Tony Romm reported.

“People’s private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security,” the company wrote.

Barr charged in an open letter to Facebook in October that the company’s adoption of broader encryption could cut the 16.8 million reports of child sexual exploitation and abuse content it delivered to the National Center for Missing and Exploited Children in 2018 to just 5 million or less.

Jay Sullivan, a Facebook privacy executive, countered during the hearing that the company can detect some child exploitation even when account contents are blocked by encryption by monitoring the size and nature of files. Facebook-owned WhatsApp removes about 250,000 encrypted accounts each month for child abuse, he said. 

Lawmakers are also riding a wave of public anger at Facebook and other tech companies, following myriad privacy debacles that have compromised the personal information of millions of Americans. 

Encryption advocates are fighting back, though, arguing that focusing on criminals fails to acknowledge the danger that billions of non-criminals who use encrypted systems from Facebook, Apple, Google and other companies would face without strong encryption. 

Here’s Amie Stepanovich, executive director of Silicon Flatirons, an innovation center at the University of Colorado, Boulder: 

Police also aren’t using all the tools they have to gather evidence against criminals without compromising encryption, such as getting warrants to hack into accounts, Stepanovich argued:

In other cases, police and prosecutors have contracted with companies to help them break into encrypted devices by exploiting secret flaws in the encryption itself. Or they’ve used unencrypted information, such as the timing of communications and who’s contacting whom, to build a case.

Here’s Johns Hopkins Professor of Strategic Studies Thomas Rid, who argued in advance of the hearings that protecting encryption is more important than the impeachment debate:


Russian Foreign Minister Lavrov and Secretary of State Pompeo clashed over allegations that Russia meddled in the 2016 presidential election, Dec. 10. (Reuters)

PINGED: Secretary of State Mike Pompeo scrapped with Russian Foreign Minister Sergei Lavrov during a public appearance yesterday after Lavrov denied Russian interference in the 2016 election. Pompeo declared the United States had "shared plenty of facts to show what happened" and that the interference was "unacceptable," my colleagues John Hudson and Anne Gearan report.

“Lavrov said Russia has demanded that the United States provide evidence of election interference, but when asked by a reporter why he doesn’t simply ‘read the Mueller report,’ Lavrov dismissed the suggestion,” my colleagues reported.

President Trump, who has wavered on whether he believes Russia was involved, also warned Lavrov against interference, he said on Twitter. But Lavrov denied that the two discussed election interference during their meeting, The Hill reports.

PATCHED: Private equity companies that own parts of the three largest voting machine companies may be squeezing their budgets in a way that produces less secure products, lawmakers allege in a letter released yesterday. The lawmakers’ warnings come amid widespread concern Russia or another U.S. adversary could exploit weaknesses in voting machines to undermine the 2020 election.

"These problems threaten the integrity of our elections and demonstrate the importance of election systems that are strong, durable and not vulnerable to attack," the group wrote.

The letters were sent by Sens. Elizabeth Warren (D-Mass.), Ron Wyden (D-Ore.), Amy Klobuchar (D-Minn.), and Rep. Mark Pocan (D-Wis.) to private equity owners of Election Systems & Software, Dominion Voting Systems, and Hart InterCivic, which control about 90 percent of the voting machine market. Warren, a 2020 presidential candidate, and Pocan are sponsors of Senate and House bills that would impose new transparency requirements on private equity firms.

The lawmakers want to know how much the firms invest in research, development and maintenance that could improve election security. 

PWNED: The George W. Bush administration’s top counterterrorism official Richard Clarke and several other ex-White House officials were instrumental in launching a United Arab Emirates spying program that ultimately spied on the United Nations office in New York, the FIFA soccer association, and a Saudi women's rights activist, Joel Schectman and Christopher Bing at Reuters report.

Reuters previously reported that former U.S. intelligence agents were involved in the project.

The idea for the agency, which would eventually operate under the codename "Project Raven," was to track terrorists, Clarke told Reuters. The participation of Clarke and other former U.S. officials was approved by the State Department and the National Security Agency, he said. Clarke's company Good Harbor Consulting gave up control of the project in 2010, but it continued to employ numerous former U.S. officials after that.

One of Clarke's former partners expressed disgust at how the program evolved.

“I have felt revulsion reading what ultimately happened,” Paul Kurtz, Clarke's former partner and former senior director for national security at the White House, told Reuters. He called for greater oversight of the use of U.S. cyber talent abroad, something that members of Congress have also pressed for.



— Today:

  • Dartmouth College and Durham University will host a forum on A.I., machine learning and the future cybersecurity landscape for organizations and governments at Carnegie Institution of Washington from 10 a.m. to 5 p.m.
  • The Senate Judiciary Committee will host a hearing to examine the inspector general's report on alleged abuses of the Foreign Intelligence Surveillance Act at 10 a.m.