A new report from Congress concludes that while widespread encryption is a challenge for law enforcement, it is "essential to both individual privacy and national security."
But it also concludes that those outlooks are not mutually exclusive.
That is the takeaway from a bipartisan working group created by the leadership of the House Energy & Commerce Committee and the House Judiciary Committee.
The committee's creation and ensuing report was prompted by the court fight with Apple over access to data on an iPhone related to a 2015 shooting. Apple resisted a court order to help decrypt the information and the FBI found another way in, but the issue prompted national debate over security vs. access.
Given that protecting data in an increasingly connected world roamed by tech-savvy bad actors, "Congress should not weaken this vital technology because doing so works against the national interest," the report concludes. "However, it should not ignore and must address the legitimate concerns of the law enforcement and intelligence communities."
They said that should include possible collaboration between law enforcement and the tech sector, something they said had received little attention in their respective committees.
While they said there is already cooperation between the private and public sectors, the report said stakeholders on all sides said there remains a significant gap in the tech knowledge and capability of law enforcement and it was unclear whether they understood what unencrypted data is available, who controls it, how it could be useful to investigators and how to leverage that information, much less that which is not as readily available.
The report said in the next Congress, the committees might explore legal hacking. "A legal framework under which law enforcement agencies can exploit existing flaws in digital products."
"The debate about government access to encrypted data is not new—but circumstances have changed, and so too must our approach," said the report. "That is why this can no longer be an isolated or binary debate. There is no 'us versus them,' or 'pro-encryption versus law enforcement.' This conversation implicates everyone and everything that depends on connected technologies."
Kevin Bankston, director of New America’s Open Technology Institute, was pleased with the report's conclusions.
“Today’s report from the bipartisan Congressional working group on encryption supports what OTI has been saying for the past two years," said Bankston. "Forcing U.S. companies to refrain from offering strongly encrypted products or to introduce surveillance “backdoors” into those products would not make us safer but would instead threaten everyone’s cybersecurity as well as America’s economic security. We hope that this report sends a strong signal to Senators Ricahrd Burr and Dianne Feinstein and anyone else on Capitol Hill considering legislation that would undermine encryption: the House committees that have jurisdiction over this issue are not interested in moving forward with any wrongheaded backdoor bill.”
“Today’s Encryption Working Group report represents a critical first step in elevating the encryption debate beyond the fallacy of privacy versus security,” said working group member Rep. Suzan DelBene (D-Wash.). “I am pleased that our group was able to come together on a bipartisan basis to affirmatively state once and for all: requiring companies to weaken devices with ‘backdoors’ means we open up innocent Americans to the bad actors who would love easier access to our citizens’ personal information. Now, it is time for Congress to move beyond binary debates and work toward solutions that strengthen national security, not weaken it. Our first priority must always be keeping Americans safe and I believe the working group has confirmed we are capable of looking beyond the headlines to help law enforcement without undermining encryption.”