Encryption Battle BrewingApril 4, 2016
The legal controversy between Apple and the FBI has certainly cooled off in light of the recent revelation that the government was able to bypass Apple’s built-in security measures and unilaterally gain access to encrypted cell phone data related to the San Bernardino terrorist attack late last year.
However, the debate over individual privacy and law enforcements ability to access encrypted information to further an investigation has never been fiercer.
The new focal point of this ongoing discussion is centered on two bills that are being considered in the nation’s capital. One proposal authored by Richard Burr, a North Carolina Senator and Chairman of the Senate Select Committee on Intelligence, and Diane Feinstein, his Democratic colleague, has caught the eye of many observers of the encryption issue. This legislation, while far from complete, signals Congressional intent to take a more proactive approach in dealing with the encryption issue. A draft of the bill has recently been circulated to lawmakers on Capitol Hill with the bill expected to be formally introduced in Senate soon.
According to sources familiar with Burr’s bill, the legislation would give federal judges clear authority to order technology companies to cooperate with law enforcement trying to access encrypted data. By many accounts, the proposed legislation is vague and perhaps purposefully so. The bill “does not spell out how companies must provide access or the circumstances under which they could be ordered to help.” Furthermore, “[i]t does not create specific penalties for noncompliance, leaving that determination to judges.” The latest draft of the proposal was circulated after the Obama administration reportedly reviewed the bill and offered some suggestions. This development seems to indicate some degree of support from the administration, marking a significant change in its initial point of view. Regardless of this perceived support from the executive branch, this bill faces many obstacles given the fact that it has been proposed in an election year with a compressed legislative schedule.
However, according to some who are monitoring the issue on Capitol Hill, an entirely separate encryption bill stands a far better chance of passing this year. That bill has been proposed by Representative Michael McCaul and Senator Mark Warner. The McCaul-Warner approach “would create a 16-member digital security commission comprised of experts in cryptography, law enforcement and privacy.” McCaul believes it would be problematic for law enforcement to mandate the creation of ‘backdoor’ routes to encrypted data but at the same time he realizes that this technology can be exploited by criminals for illegitimate means. The commission would allow the encryption issue to be tackled in a more expedited fashion. More importantly, McCaul views the commission as a critical component of striking a compromise between the competing interests of privacy protections and the legitimate goals of law enforcement. Yet the McCaul-Warner proposal is far from a perfect compromise for the interested parties. Many privacy advocates worry that the commission idea could open the door to the kind of backdoor entrance into encrypted data that they fear the most. On the other hand, national security hawks are concerned that the bill does not do enough to facilitate cooperation between the tech industry and law enforcement agencies. While many in the tech industry have reservations about both proposals in Congress, McCaul’s commission bill could pick up significant support from the industry if Burr’s more stringent approach to the encryption question starts to gain traction this year.
The fact that both of sides of the encryption debate are so far apart on a potential compromise is a testament to just how difficult this issue is for policymakers and stakeholders alike. However, several important observations can be drawn from these recent legislative developments. First, Congress is finally taking this issue seriously and is indicating its willingness to act. Second, both bills have bipartisan support signaling that this is an issue that cuts across party lines. This certainly raises the hope that a productive solution to this problem can be reached that addresses the issues raised by the recent Apple litigation. The ultimate fate of the two recently proposed encryption bills is really not all that important. What is important, however, is that a national discussion has been started about an important policy issue moving forward. For the first time, both sides of the encryption debate are sitting down at the same table attempting to negotiate a reasonable outcome. How will the encryption debate ultimately end up? I guess, only time will tell.