Law enforcement officials told members of congress that they don’t want to cede any ground in a digital world that has already given them a flood of sensitive information about hundreds of millions of Americans.
During a House Energy and Commerce subcommittee on Tuesday, federal and state cops claimed that encryption technology is hindering their efforts to conduct criminal probes, but admitted that the overall digital ecosystem has been a boon to surveillance efforts.
“As far as the amount of information that we can receive today, yes, it is true we do receive more information today than we received in the past,” testified Sally Hess, the FBI’s Executive Assistant Director for Science and Technology. The NYPD’s Chief of Intelligence Thomas Galati concurred with his fellow witness, telling lawmakers that “the internet has made things a little bit easier” for police.
Both worried, however, that the increasing using of end-to-end encryption–provided as a default setting on newer Apple iPhones and certain messaging apps–could reverse the ease with which they’ve been snooping.
“Encryption is taking all of those gains away,” Galati said. He told the committee that the NYPD was sitting on 67 Apple devices that it had collected over the last six months, but couldn’t access them due to their encryption and passcode. “The more and more we go to encryption the harder it’s going to be to investigate and conduct long-term cases,” he claimed.
Technologists and tech companies on a second panel countered this line of thinking, saying the problem is a lack of police know-how and not consumer electronics’ security features.
“Data is readily accessible to law enforcement operating through proper legal channels,” Amit Yoran, the president of RSA Security, said in prepared testimony. He urged committee members “to ensure that the FBI and law enforcement agencies have the resources…and technical expertise required to keep up with the evolution of technology.”
Even according to the FBI, encryption shouldn’t offer federal officials an excuse to claim that they have hit a dead end.
“No investigator, no agent, will take that as an answer to say they should stop investigating,” Hess said, adding that it’s the duty of police to find whatever workaround they can.
“But those solutions may be time intensive. They may not eventually be effective. They may require an additional amount of resources or an additional amount of skill in order to get to those solutions,” Hess went on.
Dr. Matthew Blaze, an expert in the field from the University of Pennsylvania, offered technological suggestions to the law enforcement. “The systems we use today, including those protected by cryptography, are not impenetrably secure against sophisticated attack,” he said during the hearing. Such “inherent insecurity” can be exploited by police, without mandating weakening encryption, he advised.
Blaze pointed to the recent dust-up between Apple and the FBI over access to one of the San Bernardino’s shooters locked iPhones. Federal agents had sought a court order forcing Apple to subvert the device’s security, in a move that would have set a major legal precedent. The FBI eventually dropped its suit after it received assistance opening the phone from a third party—reportedly from a team of gray hat hackers.
Several committee members, however, expressed concerns over this arrangement spurring FBI outsourcing.
“This case raises important questions about whether we want law enforcement using non-governmental third party entities to circumvent security features developed by private companies,” said Rep. Yvette Clarke (D-N.Y.). “I have questions about whether this is a good model or whether a better model exists.”
The law enforcement witnesses admitted they depend heavily on the private sector to keep up with rapidly accelerating innovation. “I think a lot of the best people out there are working with private companies and not with the government.” Galetti said.
Also testifying at the hearing, on the first panel, was Charles Cohen, an intelligence commander with the Indiana State Police. He attempted to undermine Apple’s defense of encryption, claiming that “news reports” he read stated that the company had provided its source code to the Chinese government, essentially granting officials access to devices.
“Apple said they did not provide a backdoor to China, but they did not talk about the source code,” Cohen told the panel.
The company’s general counsel, Bruce Sewell, had an opportunity to refute that claim minutes later, on the second panel.
“I want to be very clear on this,” he said. “We have not provided source code to the Chinese government.” Sewell stated that the company rebuffed requests for the information roughly two years ago.
Tuesday’s hearing comes on the heels of the introduction last week of anti-encryption legislation sponsored by Senate intelligence committee leadership, Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.). The proposal would require tech companies to provide data or create new technological tools for police to obtain encrypted information.
Privacy-minded Sen. Ron Wyden (D-Ore.) said in response that he would do “everything in his power” to block the bill’s passage—even filibuster it.