The Washington PostDemocracy Dies in Darkness

Congressman with computer science degree: Encryption back-doors are ‘technologically stupid’

Rep. Ted Lieu (D-Calif.) questions the technical security of encryption back-doors in a recent hearing. (YouTube)

The debate over whether companies should be forced to build in ways for law enforcement to access communications protected by encryption took a tense turn this week in a congressional hearing.

On one side were law enforcement officials, including a high-ranking FBI official. On the other were tech-savvy members of the House Government Oversight and Reform Committee's Information Technology subcommittee — two with computer science degrees.

"It is clear to me that creating a pathway for decryption only for good guys is technologically stupid," said Rep. Ted Lieu (D-Calif.), who has a bachelor's in computer science from Stanford University. "You just can't do that."

Tech companies have expanded their use of encryption, which protects many digital communications from prying eyes, in response to revelations about the government's digital spying capabilities. Apple, for instance, now automatically encrypts new iPhones in a way that even the company can't disable even if served with a warrant.

Such efforts have prompted law enforcement officials to urge Congress to mandate that companies create a way for them to access encrypted content. But encryption experts say building such back-doors would fundamentally undermine the security of people who rely on those products because it could create new vulnerabilities and give hackers a new target to attack.

And in a hearing Wednesday, several members of Congress took government officials to task.

Subcommittee Chair Will Hurd (R-Tex.), who also has a computer science degree and worked in information security after nearly a decade at the CIA, shared Lieu's skepticism of the security of such back doors. As did Rep. Blake Farenthold (R-Tex.), who  asked the panel of witnesses to raise their hands if they thought it was possible to build a technically secure back-door — often mockingly called a "golden key" — into modern encryption systems.

None of them did — including Amy Hess, executive assistant director of the FBI’s Science and Technology Branch, and Daniel F. Conley, the district attorney for Suffolk County in Massachusetts. Conley at one point argued that companies like Apple are protecting "those who rape, defraud, assault, or even kill" with their encryption policies. (Lieu later said he took "great offense" at this comment, which he called a "fundamental misunderstanding of the problem.")

Rep. Jason Chaffetz (R-Utah), chairman of the Government Oversight and Reform Committee, also expressed concern about back doors.

“It’s impossible to build a back-door for just the good guys — if somebody at the Genius Bar could figure it out, so could the nefarious folks in a van down by the river," he said.

In defending the FBI's position, Hess said the government supports encryption — in fact, it relies on it to protect government computer networks from cyber threats. She also appeared to reference a proposal reportedly being explored by some academics and government officials to see if tech companies can create a backdoor, but then split the digital key that would unlock it into multiple parts. Under such a proposal, no one person or agency would hold all of the pieces, an approach some experts speculate could make such a backdoor harder to compromise.

"What we're asking for is not to lower those standards by developing some type of lawful intercept or lawful access capability, but rather to be able to come up with a way we may be able to implement perhaps multiple keys or some other way to be able to securely access the information — or rather be provided with the information," she said.

This answer didn't seem to appease Chaffetz, who argued any sort of backdoor was akin to using a lock from a hardware store — where any locksmith would be able to open it.

"That's the disconnect from what we hear from the FBI and the reality," he said. "Do you create the hardest, strongest encryption possible — which means not having a key?"