Previously, the government could issue a warrant to force tech companies to cough up data from its users. But following the Edward Snowden leaks, and a heightened sense of privacy from the public about the government’s access to personal information, companies began clamping down.
“It is likely that encryption, end-to-end encryption, was used to communicate between those individuals in Belgium, in France and in Syria,” said Senate Intelligence Committee Chairman Richard Burr (R-N.C.), following a closed-door briefing for committee members on Tuesday. “It’s a wake-up call for America and our global partners that globally, we need to begin the debate on what we do on encrypted networks, because it makes us blind to the communications and to the actions of potential adversaries.”
Proponents of cybersecurity notched a recent victory with the Senate passage of a bill to allow companies and the government to trade information about hacks more easily.
But Burr and top Intelligence Democrat Dianne Feinstein (D-Calif.), supporters of that effort, said that tackling encryption might be even thornier.
“Even simple commercial products that you can buy encrypt the conversation, and some of them encrypt in a way that even with a court order, you can’t break into it,” Feinstein said. “We know certain equipment and certain games that are encrypted that can be used. We need to figure out what can and should be done about that.”
Added Burr: “There’s not an app that you buy that potentially doesn’t have a communication capability today … whether they sell it that way or not, [it’s] likely encrypted,” Burr said. “There are probably 30 end-to-end encrypted software packages that you can download for free…and I think we anticipate that everything from this point forward will have an encrypted communications to it.”
But no solution to the encryption problem is in the works at this point. The Intelligence committee heads aren’t yet drafting legislation and aren’t even sure what aspects of encrypted communications they will address when they do begin to lay out a plan.
“I wouldn’t dare make you even remotely believe we’re on a legislative route,” Burr said. “We’re on an exploratory route, trying to figure out what options we have.”
Burr and Feinstein acknowledged that technology companies, who fiercely pushed back on their cybersecurity efforts, aren’t likely to look kindly on reforms to encryption.
“The reality is that we don’t expect this to be received extremely well from companies that market their products based upon the fact that they have end-to-end encryption,” Burr said. “We don’t have a responsibility to sell their products. We have a responsibility to keep America safe…and if it means people are going to have to change their business models, then so be it.”
Feinstein, who represents many of the Silicon Valley companies that could fight such efforts, said to Andrea Mitchell of MSNBC on Monday that: “I have asked for help, and I haven’t gotten any help.”
She added: “If you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents — whether it’s at a game, in a stadium, in a small restaurant in Paris, take down an airliner, that’s a big problem.”
Privacy advocates who balked at the information-sharing language in the cybersecurity bill could also turn against any effort to allow government more access to individuals’ communications.
Sen. Ron Wyden (D-Ore.), one of that legislation’s most ardent foes, argues there are other ways to safeguard against terrorism that are more effective and respectful of individual rights.
“It’s important to be very careful about some of these knee-jerk approaches that don’t give you more security and put at risk your liberty,” Wyden said. “Requiring U.S. companies to weaken encryption, when terrorists can fairly easily obtain advanced encryption products around the world doesn’t make much sense to me.”