17 September 2016

With national privacy debate unsettled, US intelligence officials back encryption


The debate over encryption on smartphones and messaging apps is poised to heat up again on Capitol Hill after it peaked last winter when Apple denied an FBI request to help unlock a terrorist's iPhone.

Senate Intelligence Committee leaders Dianne Feinstein (D) and Richard Burr (R) are apparently working on another push for their bill to compel companies to give law enforcement access to encrypted data if presented with a court order. When the senators initially circulated a draft bill earlier this year, however, privacy advocates and tech industry groups alike roundly criticized their proposal.

On Tuesday, senators returned to the issue of encryption, which many politicians and law enforcement officials such as FBI Director James Comey complain helps terrorists and criminals mask their communications, in an Armed Services Committee hearing with National Security Agency Director Adm. Michael Rogers and Undersecretary of Defense for Intelligence Marcel Lettre.

Sen. John McCain (R) of Arizona said that if the military and intelligence agencies didn't act to address potential security blind spots when it comes to the Islamic State (known as both ISIS or ISIL) using private messaging apps to recruit and plan attacks, Congress would likely pursue legislation to regulate encryption.

"Ignoring the issue, as the White House has done, is also not an option," he said. "ISIL has utilized encrypted communications that just a few years ago were limited to a select few of the world's top intelligence services."

But Mr. Lettre rejected the notion that broad legislation is the answer when it comes to encryption, and said the Pentagon wouldn't prefer a legal approach requiring companies to create a so-called "backdoor" for government access to secure communications.

"From a policy perspective, we're in favor of strong encryption. We benefit from it ourselves," he said, citing his own desire to protect personal data. "So anything that looks like a backdoor is not something we'd want to pursue."

Instead, he said, the government should pursue a case-by-case approach where officials have "quiet" dialogs with tech companies to resolve conflicts such as the one between Apple and the FBI, which erupted after the tech giant denied an agency request to develop software that would weaken password protections for an iPhone used by the slain shooter in the San Bernardino, Calif., terrorist attack, making it easier for investigators to break in.

In the aftermath of that attack and recent terrorism in Europe, Sens. Feinstein and Burr floated their draft bill, which appeared to lose support after widespread criticism. 

But while Lettre said the government should work more closely with tech companies on encryption, lawmakers questioned whether that's a realistic approach.

"I would always rather try to sit down and resolve the situation rather than pass legislation," said Sen. Jeanne Shaheen (D) of New Hampshire. "But right now, we've had mixed reviews of the opportunity to work collaboratively with the private sector to address this issue," she said, noting that Twitter recently cut off US intelligence agencies’ access to its full data feed as an example of the limits of dialogue.

Admiral Rogers came out in favor of encryption to protect military and private networks, while acknowledging that terrorist access to encryption poses a national security threat. He was particularly blunt about the Islamic State's ability to adapt its communications strategy to avoid surveillance. 

"ISIS remains the most adaptive target I've ever worked in 35 years as an intelligence professional," he told the senators. 

But Rogers also attempted to pivot away from the focus on encryption altogether. When Sen. Daniel Sullivan (R) of Alaska asked about the top three threats that keep Rogers up at night, encryption was conspicuously absent from the list. 

Instead, Rogers talked about the day-to-day protection of Department of Defense networks and his concern that terrorists will begin to use the internet as a direct weapon rather than a fundraising or recruitment tool.

He emphasized the need to invest in a range of tools and technologies, rather than focusing narrowly on encryption and signals intelligence. That’s especially important, he said, given the adaptability of terrorist groups like ISIS.

While many politicians have singled out secure communication apps as enabling terrorist planning and recruitment, the message from the tech industry and privacy advocates that encryption also helps protect average consumers and businesses has resonated in Washington, says Neema Singh Guliani, a legislative counsel with the American Civil Liberties Union.

"There are isolated members who continue to push for legislative changes," Ms. Guliani told Passcode. "But more and more members, as well as the general public, understand the value of encryption and are very concerned by those proposals."

No comments: