US lawmakers push for encryption commission to find compromise

The proposed commission would include law enforcement leaders, the tech industry and private groups

The U.S. Congress should allow an expert commission to recommend ways to resolve the contentious debate over police access to encrypted communications before passing "knee-jerk" legislation, one lawmaker said.

Even as Apple and the FBI fight in court over access to a terrorist suspect's iPhone, a 9/11 Commission-style digital security panel should try to find a compromise between smartphone users' privacy and law enforcement access to encrypted devices, Representative Michael McCaul, a Texas Republican, said Wednesday.

"Given the complexities of this issue, there's no legislative, knee-jerk response that will solve this problem," McCaul, chairman of the House of Representatives Homeland Security Committee, said during a forum hosted by think tank the Bipartisan Policy Center. "This is an urgent issue, and I believe [a commission] is the best vehicle."

McCaul declined to comment on a legislative proposal, not yet introduced as a bill, that would require Apple and other tech vendors to help law enforcement agencies break into encrypted devices. He hasn't yet seen the full plan from leaders of the Senate Intelligence Committee, he said.

Still, any proposal to enforce police wiretap-style rules on encrypted devices wouldn't work, McCaul said, because such a regulation would introduce insecure "back doors."

McCaul and Senator Mark Warner, a Virginia Democrat and Senate Intelligence Committee member, plan to introduce a bill to establish their proposed digital security and encryption commission. The 16-member commission would include law enforcement leaders, privacy advocates, encryption experts, tech industry representatives and other groups, the two lawmakers said.

The lawmakers would expect the commission to produce recommendations in about a year, they said.

Both sides in the encryption debate are dug in, with the FBI, Obama administration and other law enforcement agencies pitted against many technology vendors, privacy groups and cybersecurity experts. In late 2014, FBI Director James Comey began raising concerns that investigations are "going dark" because of new encryption services on smartphones.

A commission would give all sides room to look at the issue again and seek alternatives, the two lawmakers said. Even though many commissions don't produce work that leads to solutions, "this could be a case where we prove the pundits wrong," Warner said.

It's a complex issue that needs more debate, Warner added. Many law enforcement and intelligence officials acknowledge that "encryption is here to stay, and it protects Americans' personal information, financial information, intellectual capital," he said. "This genie's not going to be put back into the bottle."

Four cybersecurity experts speaking after Warner and McCaul agreed that a commission is a good idea. A commission debate could help separate hype from fact and educate the public about the issue, they said.

A commission could offer a "more pragmatic approach" than the current encryption debate, said Susan Hennessey, a national security fellow at the Brookings Institution and former National Security Agency lawyer. "Getting people in a room who are willing to, as a matter of first principle, believe there might be a solution, represents a step forward."

But a presidential panel already voiced strong support for end-to-end encryption in 2013, noted Michael German, a former FBI agent who's now a fellow in the Brennan Center for Justice's Liberty and National Security Program.

The FBI and other government agencies have "not heeded these recommendations," he said.

The government wants digital technologies to build in more access to information than it demands from other products, German added.

"We don't require the people who manufacture paper shredders to have a chip that records and scans that document so it's recoverable," he said. "The piece of technology that has destroyed more evidence than any other ... is the flush toilet, and yet we realize the benefits of indoor plumbing to our society outweigh the fact that certain evidence is going to be beyond the government's reach."

Join the CSO newsletter!

Error: Please check your email address.

Tags applefbi

More about AppleFBIHouse of RepresentativesNational Security Agency

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts