U.S. lawmakers are skeptical of an FBI request for Congress to mandate encryption workarounds in smartphones, with critics saying Wednesday that back doors would create new vulnerabilities that bad guys can exploit.
It's currently impossible for smartphone makers to build in back doors that allow law enforcement agencies access to encrypted communications but also keep out cybercriminals, witnesses and lawmakers said during a hearing before the IT subcommittee of the House of Representatives' Oversight and Government Reform Committee.
Law enforcement representatives called on lawmakers to find a way to allow access to encrypted data as a way to prevent serious crime. Late last year, FBI Director James Comey called for a public debate on encryption after Apple and Google announced they would offer new encryption tools on their smartphone OSes.
But most lawmakers questioned the need for encryption workarounds. Building in back doors for encryption on smartphones would be "technologically stupid," said Representative Ted Lieu, a California Democrat with a background in computer science. Apple and Google have responded to public demand for encryption because of an "out-of-control surveillance state," he added.
With all kinds of unencrypted digital information and tracking technologies available to law enforcement agencies, police are living in a "golden age of surveillance," added Representative Jason Chaffetz, a Utah Republican and committee chairman. "We're certainly not going to go dark, and in some ways, we've never been brighter."
Congress needs to find the right balance between privacy and national security, but building back doors in encryption would be similar to "drilling a hole in a windshield," Chaffetz said. If Apple can figure out how to circumvent smartphone users' encryption, "so can the nefarious folks in a van down by the river," he said.
The FBI doesn't need to hold the keys to encrypted information on smartphones, but policymakers and the technology industry need to figure out a way to allow law enforcement access to criminals' devices when a judge issues a warrant, said Amy Hess, executive assistant director at the FBI's Science and Technology Branch. Tech companies should implement encryption workarounds in the product "design phase," she said.
When criminals are storing information on encrypted devices, the process of obtaining search warrants may be "an exercise in futility," Hess said. The FBI believes that "no one in this country should be beyond the law," she added. "The notion that a suspected criminal's closet could never be opened, or his phone could never be unlocked, even with properly obtained legal authority, is troubling."
Police have used information on smartphones to investigate many crimes, including child pornography and human trafficking, added Daniel Conley, district attorney in Boston. He called on Congress to require smartphone makers to allow law enforcement access to encrypted data and on technology companies to come up with new ways to allow law enforcement access to data.
Police agencies need access to digital information to solve crimes, and they don't otherwise track people, he added. "We don't monitor websites where people visit or aggregate data about people's personal health, wealth or shopping habits," Conley said. "That, frankly, is the purview of companies like Apple and Google."
Conley had harsh words for data collection by technology companies. "Their nominal commitment to privacy rights would be far more credible if they were forbidding themselves access to their customers' interests, search terms and consumer habits, but as we all know, they're taking full advantage of their customers' private data for commercial purposes," he added.
Other witnesses at the hearing said encryption workarounds would cause serious problems for technology vendors. U.S. smartphone apps that allow back doors would likely be banned in many European countries, said Jon Potter, president of the Application Developers Alliance. In addition, if the U.S. demands encryption back doors, other countries will follow suit, he said.
"Nearly every digital business wants to be global," he said. "But mandatory government back doors may spark a trade war and imprison businesses in their home country."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is email@example.com.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.