In the wake of the terrorist attacks in Paris and California, there is growing sentiment among security hawks on Capitol Hill for legislation to ensure that law enforcement has access to encrypted communication.
On Wednesday, Sen. Dianne Feinstein (D-Calif.) became the latest senior lawmaker to call for such legislation. “If there is a conspiracy going on” among terrorist suspects using encrypted devices, “that encryption ought to be able to be pierced,” said Feinstein, vice chairman of the Senate Intelligence Committee.
Her remarks came at a Senate Judiciary Committee hearing at which FBI Director James B. Comey asserted that it would be “useful” for Congress to “drive this conversation.”
They follow comments by Sen. John McCain (R-Ariz.), who said after the Paris attacks that the status quo was “unacceptable.” He said that the Senate Armed Services Committee, which he chairs, would hold hearings and “have legislation.”
Obama administration officials, by contrast, are circumspect; in October, before the latest attacks, they had opted not to seek legislation for now.
It is not clear yet whether the San Bernardino, Calif., couple, who fatally shot 14 people, used encrypted communication or devices; they did own iPhones, officials said. And it is unknown whether the Paris attackers had used encrypted communication.
The fear among some lawmakers that encryption may have shielded plotting or radicalization has given the debate over the technology new life.
Comey aired a new argument Wednesday. He said the move to encryption that firms cannot unlock, even if served with a warrant, was primarily a “business” decision and was not driven by a desire to improve device security.
“I actually think it’s not a technical issue,” Comey said. “There are plenty of companies today that provide secure services to their customers and still comply with court orders. There are plenty of folks who make good phones and are able to unlock them in response to a court order. In fact, the makers of phones that today can’t be unlocked, a year ago, they could be unlocked.”
He also asserted that 12 months ago customers were not refraining from buying those phones because of some fear that they were insecure.
Comey took issue with critics — many of them eminent technologists — who said that building in a method to assure access to encrypted communication would unacceptably undermine security. “You should stop saying that it’s going to break the Internet,” Comey said.
He asserted that conversations with tech companies have been productive, though. “They really made clear to me that we’re not at war with each other,” Comey said. “We care about the same things.” But, he said, the discussions also convinced him that the firms were moving toward strong encryption to better compete with one another.
To show the effect such encryption has had, he noted that prior to the attempted terrorist attack in Garland, Tex., in May, one of the suspects exchanged 109 messages with a terrorist overseas. The FBI could not read them, he said, because they were encrypted. “That is a big problem,” he said. “We have to grapple with it.”
But some tech firms note that they have been moving toward strong encryption for several years. Apple, for instance, began encrypting its instant message feature in 2011 such that only the user and recipient could read the content. FaceTime, Apple’s video-calling feature, has had such end-to-end encryption since 2010. The firm made both moves without fanfare and, it said, to enhance data security and customer privacy.
Feinstein said that she and Sen. Richard Burr (R-N.C.), chairman of the Senate Intelligence Committee, are working on the encryption issue. No legislation from them is expected this year.
Feinstein said she is also reintroducing legislation that would require tech companies to report online terrorist activity. It would not require the firms to monitor their sites if they do not already do so. But if they become aware of terrorist content, they must report it to law enforcement.
“When we find terrorist-related material, we look for and remove associated violating content and accounts,” said a Facebook representative. “We also refer information to law enforcement whenever we believe it is necessary to prevent harm.”
For instance, the representative said, when one of the San Bernardino shooters posted allegiance to the leader of the Islamic State militant group on her Facebook page, the company removed the account and informed the FBI.