Unmoved by pleas from the administration, lawmakers appear resolute in their unwillingness to consider weakening privacy technology proliferating in the wake of revelations about government spying.
“It’s impossible to build backdoor just for the good guys,” Rep. Jason Chaffetz, one of a number of skeptics of the executive branch said during an oversight subcommittee hearing on Wednesday, featuring witness testimony from the private sector, academic arena, and law enforcement.
“If someone at the Genius Bar can figure it out, so can the bad guys in a van down by the river,” the full oversight committee chair added.
Chaffetz noted that we are already living in a “golden age of surveillance for law enforcement” with federal, state, and local authorities having more spy tools at their disposal than ever before—belying testimony from federal officials who claimed that encrypted technology is hindering their investigatory powers.
Amy Hess, the Executive Assistant Director at the Federal Bureau of Investigation’s Science and Technology Branch countered that because of encryption, “those charged with protecting the American people aren’t always able to access the information necessary to prosecute criminals and prevent terrorism even though we have lawful authority to do so.”
Similarly, Massachusetts District Attorney Daniel Conley used his testimony to attack companies offering encrypted services
“We recognize that Google and Apple are global companies with a worldwide customer base, but whatever goodwill or support they believe they will earn with these dangerous operating systems will erode rapidly as victims of physical and economic predation find their paths to justice blocked while those who hurt and exploit them are protected,” he told lawmakers.
Conley added that the companies are using “an unreasonable, hypothetical narrative of government intrusion as the rationale for the new encryption software.”
That testimony elicited a harsh rebuke from the dais, with Rep. Ted Lieu (D-Calif.) saying he “took offense” to the testimony.
“This is a private sector response to government overreach,” Lieu said, citing NSA programs revealed by contractor-turned-whistleblower Edward Snowden.
“To me, it is very simple to draw a privacy balance when it comes to law enforcement–just follow the damn constitution,” Lieu said.
“It is clear to me that creating a pathway for encryption only for good guys is technologically stupid,” he said, echoing the testimony of technologists on the panel.
An expert in the field of encryption, Dr. Matthew Blaze, an Associate Professor at the University of Pennsylvania’s School of Engineering and Applied Science, told lawmakers that a “lawful access only” mechanism in encryption is “effectively impossible,” and that “attempts to mandate one would do enormous harm to the security and reliability of our nation’s infrastructure, the future of our innovation economy, and our national security.”
When Rep. Blake Farenthold (R-Texas) inquired to the panel if any members thought it was possible to build a completely secure “golden key,” not a single witness raised a hand.
Lawmakers have largely maintained their position on encryption despite widespread lobbying attempts by an administration not bashful about fearmongering.
“We’re drifting to a place where a whole lot of people are going to look at us with tears in their eyes,” FBI Direct James Comey said before the House Appropriations Committee in March, describing a dire hypothetical situation of police not being able to rescue an abducted little girls because they can’t access the kidnapper’s encrypted phone. He asked Congress for a “legislative fix.”
Like the FBI witness and others advocating for a golden key—a subset of the administration that includes NSA Director Adm. Mike Rogers and White House Press Secretary Josh Earnest—Comey has currently failed to muster an explanation as to how law enforcement would be able to access the protected information without fundamentally weakening its security.
One witness on Wednesday, however, said that encryption-cracking isn’t even necessary, when police are attempting to access information on one type of popular phone. During questioning from Rep. Will Hurd (R-Texas), Dr. Blaze noted that it was possible for investigators to use a “brute force attack” to acquire the standard 4-digit pin number on most Apple iPhones in “no time at all.”
That’s the “equivalent of taking a safe out of a home and using some safecracking skills,” Rep. Hurd commented.
“This would be much easier than that,” Blaze replied.