By The Herald Editorial Board
The importance of data security and encryption — starting with our smartphones and our email and other online accounts on up to corporate and government data servers — should be more than clear now, following the revelations of Russian hackers attempting to mess with the U.S. presidential election, not to mention Yahoo’s repeated security breaches involving millions of email account passwords and other information.
The value of encryption, however, was subject to debate just a year ago following the horrific San Bernardino, California, massacre on Dec. 2, 2015. Syed Rizwan Farook killed 14 people and wounded 22 others during a Christmas party for county employees.
During the investigation, the FBI found an Apple iPhone used by Farook, locked with a passcode, that investigators believed might contain important information and communications. The FBI initially sought Apple’s help to get around the passcode.
Apple resisted, saying that creating a “backdoor” access for law enforcement could weaken encryption and security protections for its products for its millions of other users. A federal judge ordered Apple to comply with the request, but, in the end, the FBI went to a third party that cracked the phone’s code without Apple’s assistance.
(Investigators found little useful information on the phone, except for the knowledge that Farook did not make contact with another plotter during an 18-minute gap that the FBI said was missing from its timeline of the attacker’s actions after the shooting.)
That hasn’t ended the debate, however, regarding the needs for law enforcement and national security agencies to get access to information they believe is important and the concerns that weakening encryption protections could lead to bigger problems for personal and national security.
Those challenges are examined in a new report by a bipartisan working group of representatives from the U.S. House Senate Judiciary and Energy and Commerce committees, among them Washington state 1st District Rep. Suzan DelBene.
The report acknowledges the challenges that law enforcement faces, especially as encryption technology becomes more sophisticated, using the term “going dark” to refer to the increasing difficulty in gathering certain forms of evidence. The FBI, the report notes, has been especially critical, arguing that law enforcement may no longer be able to “access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.” The challenge is even more complicated for state and local law enforcement agencies that don’t have the resources of the federal government.
But the report also says that data security experts have shown that it would be difficult, perhaps impossible, to devise a one-size-fits-all system that gives law enforcement the access it desires but wouldn’t compromise security against hackers, industrial spies and other bad actors. (We’re looking at you, Fancy Bear and Cozy Bear.)
The concerns on each side of the debate are not mutually exclusive, the report finds. It recommends that Congress foster cooperation among the law enforcement and information technology communities.
Among specific recommendations, the report points to assistance companies could provide toward the technical knowledge of law enforcement, particularly among state and local agencies, when it comes to requests for information that haven’t followed the legal process, are technically deficient or are directed at the wrong company. Nor is law enforcement well versed in requesting and using data that isn’t encrypted, such as metadata.
The report also sees “lawful hacking” as one solution — just as the FBI used by going to a third party to crack Farook’s iPhone — exploiting existing flaws in device or service’s digital security but without requiring a company to build a backdoor into its product.
It’s encouraging to see a balanced and bipartisan report on the issues involved.
“Our first priority must always be keeping Americans safe,” DelBene said in an email, “and I believe the working group has confirmed we are capable of looking beyond the headlines to help law enforcement without undermining encryption.”
The 1st District Democrat said it was her goal to see legislation come out during the next Congress.
Despite bipartisan support, legislation is likely to face challenges. Sen. Jeff Sessions, R-Alabama, President-elect Donald Trump’s pick for Attorney General, has previously supported calls that companies be required to create backdoors for law enforcement. Trump’s own positions on technology are less well known.
What’s clear now is that there are enough challenges to protecting our privacy and the digital data that is now part of our lives. There are better ways to assist law enforcement than making that access any easier for crooks and meddlers.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.