House Panel Questions Law Enforcements' Desire for Backdoors on Encrypted Mobile Devices
Law enforcement needs to earn the trust of the American public, and a government-mandated front or back door put into mobile devices so law enforcement could access encrypted data may hinder the relationship, said House Subcommittee on Information Technology Chairman William Hurd, R-Texas, during a hearing on the issue Wednesday. Ranking member Robin Kelly, D-Ill., said she hoped to find a balance between law enforcement access to data and ensuring privacy protections. Hurd said he appreciated law enforcement’s desire to access information in a timely manner but wants to ensure the privacy rights of Americans are protected.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Committee on Oversight and Government Reform Chairman Jason Chaffetz, R-Utah, said he wouldn’t give up his own privacy for security. Chaffetz said it’s “impossible to build a back door for just the good guys.” If someone at the Apple Genius Bar can figure out a back door, so can the “nefarious folks in a van down by the river,” he said. Chaffetz said encrypting mobile devices without giving law enforcement a key is not “anti-law enforcement” but helps protect the personal and sensitive information on a mobile device. No one, not even the White House, is immune from cyberattacks, Chaffetz said.
New technology creates new challenges for law enforcement and our ability to access communications, said FBI Executive Assistant Director Amy Hess. The law enforcement community refers to its inability to access necessary information to prosecute criminals and prevent terrorism as “Going dark,” she said. “To be clear: We obtain the proper legal authority to intercept and access communications and information, but we increasingly lack the technical ability to do so,” Hess said.
“When Apple announced its new iOS 8 operating system, it touted the fact that this technology would not allow law enforcement, even with a court order, to access information on its mobile phones, computers, iPads and other devices,” said Suffolk County, Massachusetts, District Attorney Daniel Conley. “Google also stated that its new operating system would make its mobile devices inaccessible to law enforcement officials, even with a warrant signed by a judge,” Conley said.
“Law enforcement and national security investigators need to be able to access communications and information to obtain the evidence necessary to prevent crime and bring criminals to justice in a court of law,” Hess said. “The Fourth Amendment allows law enforcement access to the places where criminals hide evidence of their crimes, once the legal threshold has been met,” Conley said. “In decades past, these places were car trunks and safety deposit boxes; today they are computers and smart phones.”
“Back doors can’t be done safely,” University of Pennsylvania computer and information science assistant professor Matthew Blaze said. It’s not an exaggeration to say the state of software security is emerging as a national crisis, he said. The two known ways to manage the risk of software systems are encryption and minimizing features of the system, Blaze said.
“Law enforcement criticism of encryption is perplexing,” said Application Developers Alliance President Jon Potter. Until a few weeks ago the FBI website recommended all organizations use encryption to protect data, Potter said. The FTC maintains encryption is key in data security, he said. Subcommittee Vice Chairman Blake Farenthold, R-Texas, asked Hess why the FBI took the information down. Hess said a link recommending use of encryption is on the FBI’s website and the agency “fully supports” encryption.
If the U.S. government gets a back door, other countries may demand their own back doors, Potter said. All of the other witnesses agreed. Kevin Bankston, co-Director of New America’s Cybersecurity Initiative, said there's concern that bad actors would target the system where the encryption keys lived. Hess said the FBI is looking for a way to access readable information securely and would be OK if companies provided the information to law enforcement directly once a warrant was obtained.
If an individual’s phone can’t be searched pursuant to a warrant, evidence proving an individual had taken pictures and videos up a female’s skirt, viewed or took child porn, or engaged in the sexual exploitation or trafficking of men, women and children will never be used to hold offenders accountable, Conley said. Criminals will use warrant-proof devices, Conley said. Apple and Google’s “nominal commitment to privacy rights would be far more credible if they were forbidding themselves access to their customers’ interests, search terms, and consumer habits,” Conley said.
“Conley has it backward,” said Bankston. “Strong encryption is critical to law and order in the digital age,” more than it's a threat, he said. Strong encryption prevents crime, he said.
Rep. Ted Lieu, D-Calif., said Conley had an “offensive fundamental misunderstanding of the problem.” The public and privacy advocates have demanded Apple and Google protect their information because the National Security Agency and other law enforcement agencies “didn’t follow the damn Constitution” and “violated” the Fourth Amendment rights of citizens for years, Lieu said.