The Republican chairman of the House Homeland Security Committee and a Democratic member of the Senate Intelligence Committee plan to introduce legislation next week creating a congressional commission to bridge the growing divide between law enforcement and encryption providers.
“We’re actually in very unique positions I think to bring the relevant stakeholders together to find a solution to this very great problem,” House Homeland Security Chairman Mike McCaul said Wednesday at the Bipartisan Policy Center. “And that’s the whole point of the bill and the commission — to find a solution to a Paris-style attack where the attackers are using end-to-end encryption on apps to conduct a major terrorist operation.”
In the December aftermath of the Islamic State-inspired attacks in Paris and San Bernardino, McCaul and Virginia Democratic Sen. Mark Warner announced their plan for a 9/11-style congressional commission to facilitate talks between the tech industry and law enforcement to seek solutions to the issue of terrorists “going dark.”
The lawmakers said they expect broad congressional and administration support for the bill, which will form a bicameral commission to discuss digital security issues facing law enforcement and national security, including encryption.
Those discussions will include all relevant stakeholders, including Silicon Valley, the FBI, local law enforcement, cryptologists, the intelligence community and privacy advocates.
McCaul and Warner said they expect the bill to be fast-tracked to passage, and gave a timeline of one year before the commission produces a report with recommendations for Congress.
Director of the FBI James Comey has spent well over a year warning Congress of a growing threat posed by potential terrorists communicating via end-to-end encrypted platforms, like those offered by default from Apple and Google.
Those warnings gained more attention between December and February when Comey testified before Congress the FBI has been unable in at least two instances to access the communications of known terrorist suspects, the most recent being those on an iPhone belonging to Syed Farook, who with his wife Tashfeen Malik executed the attack that left 14 dead in San Bernardino.
Last week a federal district court in California, citing an 18th-century law meant to act as a gap-filling statue when no existing law applies, ordered Apple to assist the FBI in unlocking Farook’s iPhone 5c by disabling the password attempt limit. If Apple complies, it would open the door for the FBI to brute-hack the phone.
Apple CEO Tim Cook refused the order on the grounds Apple does not possess the ability to comply with the FBI’s request, and that forcing the company to build it would create a dangerous tool and precedent that would likely be abused by the government and authoritarian regimes.
“We think there’s a better solution,” McCaul said.
The Cupertino-based company supports the McCaul and Warner commission, however others in Congress, including Warner’s fellow Intelligence committee members Sen. Dianne Feinstein and Chairman Richard Burr are working on their own bill to force companies like Apple to cooperate or suffer punitive damages.
“One option is to amend the CALEA (Communications Assistance for Law Enforcement Act) statue,” McCaul said. “Put a backdoor into this phone, so the government can get into it, but also the hackers can. And let’s not forget the majority of these apps are overseas, outside of our jurisdiction.”
Warner said amending CALEA, the ’90s-era legislation compelling telecommunications providers to assist law enforcement by facilitating wiretaps, doesn’t create a long-term solution, and would likely only drive criminals and terrorists onto encrypted platforms developed outside the U.S.
“The networks that were devised in the ’90s and the networks in 2016 and 2020s are dramatically different,” Warner said. “A static solution, which might simply drive smarter criminals and smarter terrorists to foreign-based systems and foreign based hardware, or even with American hardware a personal system they could unlock and then import from the cloud encrypted techniques, isn’t going to get it right.”
Warner said there are close to 2,000 apps being added to the App Store every day, half foreign-based and most encrypted.
“This genie’s not going to be put back in the bottle,” he said, adding any solution will have to include international operating standards the U.S. could lead in developing with the commission.
“There is no easy legislative knee-jerk response to this,” McCaul said. “Amending CALEA is not going to solve the problem, and more than half these companies are overseas anyway. That punitive measure against industry — I’m not sure that’s going to be the right answer, and it will hurt our economy and our international business.”
“And it may not make us safer,” Warner added.