The U.S. is better off supporting strong encryption that trying to weaken it, according to a new congressional report that stands at odds with the FBI’s push to install backdoors into tech products.
On Tuesday, a bipartisan congressional panel published a year-end report, advising the U.S. to explore other solutions to the encryption debate.
“Any measure that weakens encryption works against the national interest,” the report said.
The congressional panel formed back in March, amid the FBI’s public battle with Apple over trying to gain access to a locked iPhone belonging to the San Bernardino shooter.
Tuesday’s report essentially sides with Apple and its stance that strong encryption is vital for security. But the report also acknowledged that the technology has become an obstacle for law enforcement agencies when investigating crimes.
However, forcing U.S. companies to compromise their encryption wouldn’t necessarily solve the problem. Consumers and bad actors, for instance, would likely choose to use more secure products offered by foreign companies, the report said.
“Congress cannot stop bad actors — at home or overseas — from adopting encryption,” the report added.
Lobbying groups from the tech sector welcomed Tuesday’s report. The Computer and Communications Industry Association said weakening encryption would be “shortsighted.”
“(It) would play directly into the hands of those who would do us harm,” said association president Ed Black in an email.
Tuesday’s report advises that congressional committees explore other measures to help law enforcement agencies with their investigations. Among the suggestions was examining the use of “legal hacking” to break into tech products.
Rather than build backdoors into tech products, law enforcement can consider exploiting flaws in secure products that already exist, the report said.
The FBI resorted to this approach when it hired an unknown third-party to hack into the passcode-protected iPhone from the San Bernardino shooter. The agency’s director has suggested the FBI paid more than $1 million for the hacking tool involved.
However, any legal hacking would raise other questions, like if and when a law enforcement agency should alert tech companies about these vulnerabilities, the report said.
News agencies have already sued the FBI, demanding details over how it gained access to the San Bernardino shooter's iPhone.
Other measures Congress can explore include legally compelling criminal suspects to unlock their smartphones and finding better ways to use metadata analysis in law enforcement investigations.
Tuesday's report also emphasized the need for both the tech industry and law enforcement to foster cooperation, despite past tensions between the two sides.
"This can no longer be an isolated or binary debate. There is no 'us versus them,'" the report said.
The FBI didn’t immediately respond to a request for comment.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.