Top U.S. officials said Wednesday that encryption technology on smartphones and other devices is blocking their ability to lawfully access data and communications that could prevent a terrorist attack, thwart cybercrime or help find a missing child.
“Increasingly, we are finding that even when we have the authority to search certain types of digital communications, we can’t get the information we need because encryption has been designed so that the information is only available to the user,” said Deputy Attorney General Sally Quillan Yates in testimony before the Senate Judiciary Committee.
The hearing came at a time of persistent and emerging security threats and heightened public angst over privacy and the security of their personal information in the digital age.
Of particular concern for U.S. law enforcement is “going dark,” a shorthand term for impenetrable data stored on a device or being sent and received in real-time.
“I am finding that the tools we are being asked to use are increasingly ineffective,” said FBI Director James Comey. “I don’t come with a solution. This is a really, really hard problem.”
Yates said that even when a court authorizes access to a locked, encrypted smartphone, “it is essentially a brick to us. We can’t access any of the information on that phone.”
According to Corney, such data protection, crafted by technology giants like Apple in response to consumer demands for privacy, hampers the fight against communications-savvy groups like Islamic State, which uses Twitter and other platforms to recruit and inspire radicals across the globe.
“ISIL is reaching out, primarily through Twitter, to about 21,000 English-language followers,” Comey said. “So it’s no longer the case that someone who is troubled needs to go find this propaganda and this motivation. It buzzes in their pocket.”
Yates and Comey said some smartphone manufacturers have responded to their pleas to find a “fix” to the data-access barrier, while others have not.
The situation puts lawmakers in the difficult position of wanting to act to protect national security while representing an electorate of avid smartphone users leery of government snooping and unnerved by recent government data breaches.
“We want our data to remain private. We want it to be secure,” said the committee’s chairman, Republican Senator Chuck Grassley. “But at the same time, these wonderful technologies are also being employed by those who seek to do us great harm.”
New legislation governing cybersecurity is needed, according to Homeland Security Secretary Jeh Johnson, who spoke at a separate event Wednesday in Washington.
“There is more Congress can do,” Johnson said. “Congress has a role in cybersecurity to ensure that we have adequate resources and budget and the legal authorities necessary to pursue the mission.”
The secretary recommended universal federal adoption of a program called EINSTEIN to monitor and protect all federal agency networks, encourage private companies to share information about cyber threats, and deploy a national system for reporting data breaches.
“We cannot detect and stop every single intrusion,” said Johnson. “But, my message today is we have increased, and will continue to increase the instances in which attempted intrusions are either stopped at the gate, or rooted out from inside the system before they cause damage.”
Not everyone is enamored with the idea of aggressive federal action. This week, a group of elite technology experts issued a report concluding that any solution contemplated by Congress could have vast and damaging unintended consequences.
“New law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws,” said the report, issued by the Massachusetts Institute of Technology.
“Beyond these and other technical vulnerabilities,," the report continued, "the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.”
Others testifying on Capitol Hill said while technology presents ever-changing challenges for law enforcement and national security, it also arms authorities with unprecedented abilities and a “cornucopia” of data.
“Law enforcement has access to growing and unparalleled evidence due to the technological changes of the past 25 years,” said privacy and cyberlaw expert Peter Swire of the Georgia Institute of Technology. “The balance has, indeed, shifted clearly in the direction of law enforcement having the evidence it never had before in human history.”
