LAW ENFORCEMENT OFFICIALS, tech executives, and privacy advocates have been calling for Congress to set the rules of the road for the increasingly widespread use of unbreakable encryption. But as Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., illustrated just last week by releasing a draft bill to basically ban the technology, that might not be the best idea.
Attempts to regulate math are nonsensical. Encryption is here to stay. Arguing about it is a waste of time.
At a House Energy and Commerce subcommittee hearing on Tuesday, a few members of Congress pivoted away from that tired and ultimately fruitless policy argument to discuss instead what could be considered the next phase of the Crypto Wars.
In that phase, the questions are about how law enforcement can get around encryption rather than break through it.
The answers involve “lawful” hacking — exploiting devices through known and unknown security flaws — rather than trying to created new ones, or “backdoors.”
But what rules should apply to government hackers? Should they disclose the flaws they find to companies so they can be patched, to the benefit of all users? Or should they keep them secret to maybe catch the next criminal with the same trick? Should the government build its own hacking resources, or outsource the job?
Rep. Diana DeGette, D-Colo., asked Amy Hess, the FBI’s head of science and technology, if hiring a team of highly skilled hackers might be helpful.
“Like in the San Bernardino case, the FBI hired a third party to help them break the code. … Why can’t we bring more capabilities in house in the government to be able to do that?” DeGette asked.
Hess described the FBI’s hacking attempts as time consuming, successful on a case-by-case basis, and fragile — solutions that “may not be scalable” if more and more devices have stronger and stronger security.
And to bring those skills completely under the government’s roof? Hess totally ruled it out. “No ma’am, I don’t see that as possible. We need the cooperation of industry, we need the cooperation of academia, and we need the cooperation of the private sector in order to come up with solutions.”
Hess manages the FBI’s controversial high-tech tools, including its hacking capabilities. The FBI has been relatively tight-lipped about its ability to exploit vulnerabilities in digital devices and platforms, but it’s been doing it for nearly two decades, and in some cases, with tools that were developed in-house. Most recently, the bureau has been in the limelight for hacking over a thousand computers to ensnare consumers of child pornography.
Rep. John Yarmuth, D-Ky., told the panel of law enforcement experts that he was having trouble coming up with new questions about encryption that might elicit any new information. So instead, he chose to ask what the FBI planned to spend the $38 million it’s asking for this year to fight the “going dark” problem the agency says encryption is posing.
Hess told him that the FBI would try to use that money to “get around the problem.” Some things on her list included training employees to become better “password guessers,” purchasing tools to “exploit some technical ability,” and finding a way to “make better use of metadata.” She didn’t explain any further.
A panel of technology experts included Matt Blaze, associate professor of computer science at the University of Pennsylvania, Apple general counsel Bruce Sewell, Daniel Weitzner, a research scientist at MIT, and Amit Yoran, the president of RSA Security.
They generally agreed that the government could and should beef up in-house hacking — as long as the government is willing to engage in conversations about when it should disclose the tools it uses so companies can repair them. Sewell said the topic “has not been well explored,” and that Apple didn’t have a position on it.
With lawful hacking now on the table, privacy and security advocates called for a public discussion on the rules of the game, before the government starts building — or buying — an exploit army in Washington.
And it has never been specifically authorized by Congress. https://t.co/xLga72KEyc
— Amie Stepanovich (@astepanovich) April 19, 2016
https://twitter.com/agcrocker/status/722468942271229952
Since we're still having serious/difficult debates over whether/when LE hacking *is* lawful, calling it "lawful hacking" seems premature.
— Megan Graham (@meganmcgraham) April 19, 2016
Related:
- The Big Secret That Makes the FBI’s Anti-Encryption Campaign a Big Lie
- FBI Vs. Apple Establishes a New Phase of the Crypto Wars
Top photo: Amy Hess, FBI executive assistant director for science and technology, Chief Thomas Galati of the NYPD Intelligence Bureau, and Captain Charles Cohen of the Indiana State Police Office of Intelligence and Investigative Technologies at a House Energy and Commerce hearing on April 19, 2016.
IT’S EVEN WORSE THAN WE THOUGHT.
What we’re seeing right now from Donald Trump is a full-on authoritarian takeover of the U.S. government.
This is not hyperbole.
Court orders are being ignored. MAGA loyalists have been put in charge of the military and federal law enforcement agencies. The Department of Government Efficiency has stripped Congress of its power of the purse. News outlets that challenge Trump have been banished or put under investigation.
Yet far too many are still covering Trump’s assault on democracy like politics as usual, with flattering headlines describing Trump as “unconventional,” “testing the boundaries,” and “aggressively flexing power.”
The Intercept has long covered authoritarian governments, billionaire oligarchs, and backsliding democracies around the world. We understand the challenge we face in Trump and the vital importance of press freedom in defending democracy.
We’re independent of corporate interests. Will you help us?
IT’S BEEN A DEVASTATING year for journalism — the worst in modern U.S. history.
We have a president with utter contempt for truth aggressively using the government’s full powers to dismantle the free press. Corporate news outlets have cowered, becoming accessories in Trump’s project to create a post-truth America. Right-wing billionaires have pounced, buying up media organizations and rebuilding the information environment to their liking.
In this most perilous moment for democracy, The Intercept is fighting back. But to do so effectively, we need to grow.
That’s where you come in. Will you help us expand our reporting capacity in time to hit the ground running in 2026?
We’re independent of corporate interests. Will you help us?
I’M BEN MUESSIG, The Intercept’s editor-in-chief. It’s been a devastating year for journalism — the worst in modern U.S. history.
We have a president with utter contempt for truth aggressively using the government’s full powers to dismantle the free press. Corporate news outlets have cowered, becoming accessories in Trump’s project to create a post-truth America. Right-wing billionaires have pounced, buying up media organizations and rebuilding the information environment to their liking.
In this most perilous moment for democracy, The Intercept is fighting back. But to do so effectively, we need to grow.
That’s where you come in. Will you help us expand our reporting capacity in time to hit the ground running in 2026?
We’re independent of corporate interests. Will you help us?
Contact the author:
Latest Stories
License to Kill
Trump Has Already Spent at Least $4.7 Billion Attacking Latin America
It’s not cheap to attack Venezuela and capture its president or conduct dozens of strikes on civilian boats.
ChatGPT Confessed to a Crime It Couldn’t Possibly Have Committed
A renown criminologist’s experiment with ChatGPT demonstrates the destructive power of police to elicit false confessions.
Chilling Dissent
The Short and Ridiculous Trial of a Protester Arrested in an Inflatable Penis Costume
An Alabama cop who confronted the No Kings protester claimed she posed a risk to public safety. The judge was unconvinced.