Should Federal Government surveillance agencies and law enforcement at all levels have access to cleartext versions of everyone’s and anyone’s personal electronic communications, even if they are deeply encrypted and beyond the reach of curious officials’ technical capabilities?
Or, put another way, should the government be able to prohibit the sale and use of “unbreakable,” end-to-end encryption, unless it comes with a “back-door” that enable government to decrypt the encrypted messages it collects?
Tim Cook, CEO of Apple, says the answer is an emphatic "No."
Four days after the terrorist attacks in Paris, on November 17, 2015, after being briefed by Obama Administration officials including Assistant Secretary of State Victoria Nuland on the U.S. role in the aftermath of these attacks, Richard Burr (R-NC), Chair of the U.S. Senate Intelligence Committee, and Vice-Chair Diane Feinstein (D-CA) spoke to reporters. They addressed the issue of end-to-end encryption several times in their remarks.
Their approaches spanned a range between looking into the question and forcing private companies that provide these powerful encryption technologies “to change their business models.”
Here’s more of what they had to say:
“There’s a likelihood that this attack was ISIL-directed. It is likely that encryption, end-to-end encryption was used to communicate between those individuals in Belgium, in France and in Syria. It’s a wake-up call for America and our global partners that globally we need to begin the debate on what we do on encrypted networks, because it makes us blind to communications and to the actions of potential adversaries. The vice chairman and I committed to our membership that we would start this debate sooner rather than later and I think this is not just a debate to happen within the United States, this is a debate we will have with our international partners.”
“…it’s causing a great deal of alarm among people who want their government to keep people safe and we want to keep people safe. And only good intelligence is going to keep people safe. So as the chairman pointed out, a lot of the communication between these networks is encrypted. Even simple commercial products that you can buy encrypt the conversation and some of them encrypt it in a way that even with a court order, you can’t break into it. So good intelligence from people in communities all over, I think is extremely important."
“… It still happened and it happened while the entire world’s intelligence communities looked for it. Though we don’t have the answer today, we will work aggressively to try and figure out where we might have picked this up and if we couldn’t, what tools we need to provide to intelligence here and abroad that would allow us to detect any indications in the future."
“On the encryption question, what steps will Congress take in addressing that and will it play into this unfinished cybersecurity process?”
“I think it’s way too early for us to comment, look at both us, look at our age. This is a very difficult thing for us to understand because I won’t tell you that we’re steeped in technology where we’ve got generations below us where this is an everyday process for them. There’s not an app that you buy that potentially doesn’t have the communication capability today, and that communication capability whether they sell it that way or not, it’s likely encrypted. So facing realities, we know we can’t go forward unless we work with intelligence communities and whether we work with our partners above to figure out what the way forward is."
“Vice Chairman, you mentioned you’re working some proposals to possibly bring forward, could those include proposals on encryption or anything—“
“I don’t think it makes sense to speculate. The chairman has said what he’d really like the committee to do and I really agree with this; we need to sit down and we need to go over things. We need to look at a number of different things; we need to look at how much the visa waiver program plays into this. How much encryption plays into it. We know of certain equipment and certain games that are encrypted that can be used. We need to figure what can and should be done about that if anything.
“The important thing is that it is a committee-wide effort and once we agree we’re able to move forward on a bipartisan basis.”
“Senators, in terms of the ISIL threat to Europe and the homeland, could you paint a little more of a picture on what you are learning. Is there an external operations cell? And do we know who those people are, are they in Raqqa and what do you think the U.S. government should do about those people?"
“… It may fly under the radar screen and I think that’s one of the realities that I think we’re faced with and that’s why Dianne and I have committed to challenge our staffs to do an overall review from a standpoint of what are the things we need to look at that we aren’t currently focused on, what tools we might provide that at least provide an opportunity of a better outcome for our intelligence community.
“Quite frankly, we’re going to have to think differently, because our adversaries are thinking differently now.”
“And if I might add to the Chairman, ISIL is different. ISIL isn’t al Qaeda. Al Qaeda was away and removed and a small group of people and they put together very precise operations. This is big. ISIL has 30,000 fighters. France, 2,000 people have gone from France to Syria to fight. We’ve had about 150 go from our country to fight. They are expanding. They are creating the caliphate in different countries, wherever they can. Safe harbors in some countries wherever they possibly can. As the Chairman pointed out, the number of countries they’re in, is close to 30 today, one way or another. So it’s an expanding model and that model puts forward a new plan and that is as was said, that you have one person in Syria, directing through Belgium, to France, that could be here too. Just like that, all encrypted. So it’s a problem and of course they have a video out that makes the statement. So that’s a concern to all of us."
“Chairman Burr, you talked about end-to-end encryption. What platform were they using and what evidence is there?"
“We can’t tell you today specifically that they were using a specific encrypted platform. We think that that’s a likely because we didn’t pick up any direct communication. I think it’s safe to say that there are probably 30 end-to-end encrypted software packages that you can download for free. Given the fact that between iTunes and PlayStation, the number of apps that are added on a weekly, monthly, yearly basis and I think we anticipate that everything from this point forward will have encryption communications to it, now’s the time to act.”
“What legislation is possible to address this?”
“I wouldn’t dare even make you remotely believe that we’re on a legislative route. We’re on an exploratory route, trying to figure out what options we have and from those options to determine what the best course, short, medium and long term is.”
“And as you explore, what cooperation are you getting from companies in Silicon Valley? What would your message be to those companies?”
“Well if we get the same cooperation we did with cyber, it won’t be very much. The reality is that we don’t expect this to be received extremely well from companies that market their products based upon the fact that they have end-to-end encryption. We don’t have a responsibility to sell their products; we have a responsibility to keep America safe. This committee is going to stay focused with our intelligence community and our law enforcement to do exactly that. If it means that people are going to have to change their business models, then so be it, but at the end of the day, America’s safety is the absolute number one issue."
For a discussion of novelist Dan Brown's prescient acknowledgement of the risks posed by "unbreakable" encryption as far back at 1998, click here.