Privacy advocates are already concerned about legislation to establish a national commission to explore how police can obtain encrypted data without endangering Americans’ privacy.
“The commissioners would necessarily have to consider, and ultimately may even recommend, legal mandates to force technology companies to redesign or weaken their products’ security features,” said Kevin Bankston, director of the New America’s Open Technology Institute.
{mosads}The bill, introduced Monday, was intended as a compromise move that could bring together opposing sides in the divisive encryption debate.
While law enforcement officials warn that encryption is increasingly helping terrorists and criminals “go dark” and hide from investigators, privacy advocates and tech companies insist this type of unbreakable encryption is necessary to maintain digital security and online privacy.
The issue has come to a head in recent weeks after Apple defied an FBI-requested court order seeking help unlocking an iPhone used by one of the San Bernardino shooters.
House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.) have pitched their commission legislation as a compromise solution that will allow every voice to be heard.
“There are no easy or simple solutions to the challenges posed by the growing use of secure technologies,” Warner said on Monday. “I believe that we can strike an appropriate balance that protects Americans’ privacy, American security and American competitiveness, but we won’t achieve that while all sides continue to talk past each other.”
The measure obtained quick buy-in from key constituents, including encryption advocates on Capitol Hill, the tech industry and some civil libertarian groups.
“Solutions for today’s toughest challenges can only be found once a thoughtful dialogue begins, and this is the beginning of the conversation,” said Dean Garfield, CEO of the Information Technology Industry Council, which represents top tech firms like Apple, Facebook, Google, Microsoft and Twitter.
But the bill hasn’t gotten full-throated support from digital rights groups and privacy advocates, critical voices in the discussion. They expressed concerns that the commission — despite attempts at inclusiveness — is merely a longer route to getting law enforcement what it wants: guaranteed access to encrypted data.
The McCaul-Warner commission would consist of 16 members, including tech industry executives, privacy advocates, cryptologists, law enforcement officials and members of the intelligence community.
“With its members appointed by political leadership, and therefore likely to include inside-the-Beltway establishment experts with security clearances, we fear that this commission may end up stacked in favor of law enforcement and intelligence interests,” said Bankston, who attended a December sit-down on encryption policy with top White House cybersecurity and technology officials.
The commission would have six months to create an interim report and a year to deliver its full findings. Its scope would expand beyond encryption, exploring how authorities can maintain security with the proliferation of modern technology.
“With such a broad mandate, there’s no shortage of new and dangerous proposals that such a commission might generate that those who care about digital security and privacy would have to fight off,” Bankston added.
Joe Hall, chief technologist at the Center for Democracy and Technology (CDT), had similar reservations. CDT was also at the December meeting on encryption policy.
“We are concerned that the commission may focus on shortsighted solutions involving mandated or compelled backdoors [into encrypted platforms],” he said. “Make no mistake, there can be no compromise on backdoors.”
Hall suggested that the panel narrow its focus to improving “existing investigator practices.”
“When it comes to encryption, civil society, academics, the tech industry and technologists are unanimous that strong encryption makes our nation more secure,” he said.