Lawmakers criticize FBI's request for encryption back doors

It's impossible to ensure that only good guys will be able to access them, lawmakers say

U.S. lawmakers are skeptical of an FBI request for Congress to mandate encryption workarounds in smartphones, with critics saying Wednesday that back doors would create new vulnerabilities that bad guys can exploit.

It's currently impossible for smartphone makers to build in back doors that allow law enforcement agencies access to encrypted communications but also keep out cybercriminals, witnesses and lawmakers said during a hearing before the IT subcommittee of the House of Representatives' Oversight and Government Reform Committee.

Law enforcement representatives called on lawmakers to find a way to allow access to encrypted data as a way to prevent serious crime. Late last year, FBI Director James Comey called for a public debate on encryption after Apple and Google announced they would offer new encryption tools on their smartphone OSes.

But most lawmakers questioned the need for encryption workarounds. Building in back doors for encryption on smartphones would be "technologically stupid," said Representative Ted Lieu, a California Democrat with a background in computer science. Apple and Google have responded to public demand for encryption because of an "out-of-control surveillance state," he added.

With all kinds of unencrypted digital information and tracking technologies available to law enforcement agencies, police are living in a "golden age of surveillance," added Representative Jason Chaffetz, a Utah Republican and committee chairman. "We're certainly not going to go dark, and in some ways, we've never been brighter."

Congress needs to find the right balance between privacy and national security, but building back doors in encryption would be similar to "drilling a hole in a windshield," Chaffetz said. If Apple can figure out how to circumvent smartphone users' encryption, "so can the nefarious folks in a van down by the river," he said.

The FBI doesn't need to hold the keys to encrypted information on smartphones, but policymakers and the technology industry need to figure out a way to allow law enforcement access to criminals' devices when a judge issues a warrant, said Amy Hess, executive assistant director at the FBI's Science and Technology Branch. Tech companies should implement encryption workarounds in the product "design phase," she said.

When criminals are storing information on encrypted devices, the process of obtaining search warrants may be "an exercise in futility," Hess said. The FBI believes that "no one in this country should be beyond the law," she added. "The notion that a suspected criminal's closet could never be opened, or his phone could never be unlocked, even with properly obtained legal authority, is troubling."

Police have used information on smartphones to investigate many crimes, including child pornography and human trafficking, added Daniel Conley, district attorney in Boston. He called on Congress to require smartphone makers to allow law enforcement access to encrypted data and on technology companies to come up with new ways to allow law enforcement access to data.

Police agencies need access to digital information to solve crimes, and they don't otherwise track people, he added. "We don't monitor websites where people visit or aggregate data about people's personal health, wealth or shopping habits," Conley said. "That, frankly, is the purview of companies like Apple and Google."

Conley had harsh words for data collection by technology companies. "Their nominal commitment to privacy rights would be far more credible if they were forbidding themselves access to their customers' interests, search terms and consumer habits, but as we all know, they're taking full advantage of their customers' private data for commercial purposes," he added.

Other witnesses at the hearing said encryption workarounds would cause serious problems for technology vendors. U.S. smartphone apps that allow back doors would likely be banned in many European countries, said Jon Potter, president of the Application Developers Alliance. In addition, if the U.S. demands encryption back doors, other countries will follow suit, he said.

"Nearly every digital business wants to be global," he said. "But mandatory government back doors may spark a trade war and imprison businesses in their home country."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross.
