US senator John McCain has indicated that he will push to outlaw encryption technology that the US government is unable to crack.
On Tuesday, he told reporters that “in the Senate Armed Services [Committee], we’re going to have hearings on it and we’re going to have legislation,” according to The Hill, labelling the current state of affairs “unacceptable.”
Encryption refers to scrambling data in such a way that it is unreadable without the correct password or key. Tech companies are increasingly incorporating “strong” and “end-to-end” encryption into their products — rendering the contents inaccessible to prying eyes.
The iPhone, for example, encrypts its contents by default, and cannot be decrypted by Apple or the authorities if they don’t have the correct passcode.
This move towards stronger encryption was largely brought about by the revelations of now-exiled NSA whistleblower Edward Snowden, whose disclosures about Western governments’ spy programs sparked a global debate about surveillance and stoked privacy fears.
It is a shift that has alarmed law enforcement in the West, who fear that it means vital evidence is “going dark.” In September 2014, a senior US police officer warned that the iPhone’s default-on encryption would make it “the phone of choice for the pedophile.”
However, technologists and privacy activists counter that any attempts to weaken encryption would be ineffectual, make ordinary people less secure online, would be open to abuse, and set a dangerous international precedent for authoritarian governments to demand access to data.
The New Crypto War
Encryption enthusiasts have largely had the upper hand in the debate, dubbed the “New Crypto War” given its parallels to similar debates over limits on cryptography in the Nineties. After deliberating, and despite the urgings of the FBI, the Obama administration says it has no plans to legislate against strong encryption, and the UK government says it doesn’t either (although concerns remain over the wording of the UK’s proposed new spying bill).
But the issue has reared its head again following the deadly terrorist attacks in Paris on Friday, that left more than 120 dead, and hundreds injured.
CIA director John Brennan said that “there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it … And I do hope that this is going to be a wake-up call.”
New York Police Department head Bill Bratton has joined the anti-crypto chorus. He told MSNBC: “We have a huge operation in New York City working closely with the Joint Terrorism Task Force where we’re monitoring and they go dark, because basically they go onto an encrypted app, they’re going onto sites that we can’t access.”
The New York Times also reported on Monday that “the attacks are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorised to speak publicly” — before deleting the story, and subsequently redirecting readers to a new one that does not mention encryption. (Here’s a link to an archived version of the original.)
The Snowden connection (or not)
Former CIA deputy director Michael Morell suggested that Paris could shift the momentum of the debate around encryption, and that Edward Snowden bears some responsibility for what happened in Paris.
“I think what we’re going to learn is that [the attackers] used these encrypted apps, right?” He told CBS on Monday. “This is a result of Edward Snowden and the public debate. I now think we’re going to have another public debate about encryption, and whether the government should have access to the keys, and I think the result may be different this time as given what’s happened in Paris.”
At this point, there’s no direct evidence that the attackers used encryption to cover their steps, although ISIS-affiliated individuals are known to use encrypted messaging apps like Telegram to communicate.
Several men who know each other and live in a small suburb managed to plan an attack in secret. And the assumption is “because encryption”
— the grugq (@thegrugq) November 18, 2015
Terrorists have also been using encryption technology since long before Snowden’s revelations: A report from USA Today from February 2001 — before 9/11 — has circulated following the Paris attacks, that warns that “terror groups hide behind Web encryption.”
Glenn Greenwald, one of the journalists whom Snowden leaked to, also furiously reacted to the accusations. Writing on The Intercept, he argued that “any terrorist capable of tying his own shoe — let alone carrying out a significant attack — has known for decades that speaking on open telephone and internet lines was to be avoided due to U.S. surveillance. As one Twitter commentator put it yesterday when mocking this new It’s-Snowden’s-Fault game: “Dude, the drug dealers from the Wire knew not to use cell phones.”
Calls for legislation
It’s in this context that McCain and others are calling for legislation to combat encryption. “In the Senate Armed Services [Committee] we’re going to have hearings on it and we’re going to have legislation,” he said.
Senator Dianne Feinstein said that “the chairman and I will consult other members of our committee will consult and hopefully we will be able to come forward with some proposals that make some good sense,” according to The Hill. She didn’t elaborate on the nature of these proposals: “I don’t think it makes sense to speculate.”
Many technologists have expressed doubt that any ban would be remotely enforceable, given that many encryption tools are open source or developed outside of Western jurisdictions.
Business Insider Emails & Alerts
Site highlights each day to your inbox.