The Senate Judiciary Committee today held a hearing about the increased challenges that encryption poses for law enforcement. Government officials testified that advances in encryption technology make it more difficult for them to monitor communications, but there was little indication that lawmakers are prepared to require technology providers to ensure that law enforcement has backdoor access to encrypted communications and data.
Committee Chairman Charles Grassley, R-Iowa, said that the hearing is the first step in a conversation about the problem, and he hopes to see whether “any consensus is possible on this very important issue.”
Deputy Attorney General Sally Quillian Yates told the committee that terrorist groups such as ISIS increasingly recruit potential operatives via public social media sites, and then transfer the discussion to encrypted communications. Accordingly, even if law enforcement has a warrant to lawfully monitor a suspected criminal, it cannot do so if the communications or data are encrypted.
“We are creating safe zones where dangerous criminals and terrorists can operate and avoid detection,” Yates said.
Federal Bureau of Investigations Director James Comey told the committee that strong encryption, increasingly available by default, makes the job of law enforcement increasingly difficult.
“We cannot break strong encryption,” Comey said. “We have not found that tool. I don’t think it exists.”
Comey said there is a chance that consensus on the issue will be impossible to reach, though he would like to attempt to do so.
“I don’t come with a solution,” Comey said. “This is a really, really hard problem. I hear folks say, it’s too hard, it can’t be fixed. My reaction to that is, really?”
Some security experts argue that there is no need for an end-run around encryption. Peter Swire, a law professor at Georgia Institute of Technology, told the committee that geolocation, video surveillance, metadata, social networks, and other new technology provide law enforcement with a “cornucopia” of new evidence that had not previously been available.
“Law enforcement has access to growing and unparalleled evidence due to the technological changes of the past 20 years,” Swire said.
Swire also argued that creating exceptional access to encryption could create new security vulnerabilities by creating “concentrated targets for bad actors to target.”
“At a practical level, there are thousands of police departments spread across the United States. Providing online access to these police departments, while having iron-clad assurances that no hackers can get in, ignores the lessons of the recent OPM breach and the numerous other data breaches in the public and private sectors,” Swire said.
Swire’s comments were in line with a recent report released by leading cybersecurity technology experts, who concluded that providing special access to encrypted communications likely would “introduce unanticipated, hard to detect security flaws.”