Momentum slows for encryption bill

Congress seems unlikely to pass an encryption bill anytime soon despite the burst of momentum that followed the terrorist attacks in Paris and San Bernardino, Calif. 

In the aftermath of the deadly assaults, law enforcement officials warned that extremists might be encrypting their communication to carry out plots against the United States. Some suggested legislation was needed to prevent that from happening. 

{mosads}But the top two members of the House Intelligence Committee said this week they have not made any decisions about endorsing a bill that could lead to the de facto regulation of encryption standards.

“It’s going to be an ongoing issue,” Intelligence Chairman Devin Nunes (R-Calif.) told The Hill. “We’re looking at all the bills.”

Rep. Adam Schiff, the committee’s top Democrat, was more direct.

“I don’t think we’re any closer to a consensus on that than we were, I think, six months ago,” he said Tuesday at a Christian Science Monitor breakfast. “Or if there is a consensus, it is that a legislative solution, I think, is very unlikely.”

Numerous other congressional leaders have echoed that caution, making it increasingly doubtful that Congress will move quickly on an encryption bill.

“I think this is starting to look like more of a slow-burning, let’s learn the facts and proceed with caution sort of issue,” said Josh Withrow, legislative affairs manager at FreedomWorks, a libertarian-leaning advocacy group that opposes encryption legislation.

Law enforcement officials argue criminals and terrorists are increasingly using unbreakable encryption to communicate and hide plans from investigators, a phenomenon they call “going dark.”

Nunes said his committee has been briefed on numerous examples of this trend.

“There’s not a week that goes by that we don’t meet with some foreign country, an ally, that comes in with concerns about the encryption issues as it becomes harder and harder for law enforcement to do investigations,” he said. 

But major tech firms such as Apple have stood behind strong encryption, arguing they can’t comply with court orders seeking secured data because even they can’t crack into their products. 

Tech companies insist that having any method to access encrypted data puts all secure information at risk. Keeping a key around to unlock encryption means that anyone, including hackers, can use that key, they argue.

Weakening encryption could imperil everyday digital activities like online banking and endanger people’s privacy online, technologists caution.

The divergence of views has created a stalemate.

Some lawmakers think legislation could help, but they have not been able to coalesce around one approach. 

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) — the Senate Intelligence counterparts to Nunes and Schiff  — are working on a bill that would force companies to comply with court orders seeking encrypted data. 

But their measure has not received much support from other key senators with jurisdiction over cybersecurity. 

Sen. Ron Johnson (R-Wis.), who chairs the Senate Homeland Security Committee, expressed doubts about the approach last week.

“Is it really going to solve any problems if we force our companies to do something here in the U.S.?” he said. “It’s just going to move offshore. Determined actors, terrorists, are still going to be able to find a service provider that will be able to encrypt accounts.” 

Schiff echoed Johnson’s concerns.

“The question that for me that may trump all others is, ‘Does it work to develop a key in a global environment if there’s not global consensus?’ ” he said. “I’m not sure that that argument can be overcome.”

Johnson’s lower chamber counterpart — House Homeland Security Chairman Michael McCaul (R-Texas) — has also spoken in opposition of the Burr-Feinstein bill, calling the concept “problematic.” 

McCaul (R-Texas) is set to introduce his own competing legislation with Sen. Mark Warner (D-Va.) — who sits on the Intelligence Committee — that would form a national commission to investigate encryption.

The commission would include tech industry leaders, privacy advocates, academics, law enforcement officials and members of the intelligence community. It would be tasked with providing recommendations on how police could get at encrypted data without endangering Americans’ privacy.

Those recommendations would likely involve a host of technological options, McCaul said, but could include legislative proposals as well. 

Nunes didn’t endorse either approach, but called the issue “an ongoing problem, not only here, but globally.” 

Schiff called the commission proposal “fine, but it may be a bit redundant.” But he believes the Burr-Feinstein effort is especially futile.

“I don’t think a legislative solution is feasible or at this point desirable,” he said, recalling last year’s contentious fight over surveillance reform that resulted in the USA Freedom Act, a bill that rolled back some of the more controversial government spying tactics.

“I can’t imagine, given the difficulty we had moving forward on the USA Freedom Act, that we could legislatively accomplish something where [we’re] this far from consensus on the encryption issue,” Schiff said.