PINDROP BLOG

‘Putting in a Back Door Isn’t the Solution’ to Encryption Debate

Rep. Michael McCaul, the chairman of the House Committee on Homeland Security, said forcing vendors to install backdoors or intentionally weakened encryption in their products is not the solution to the disagreement over law enforcement access to encrypted devices and said there needs to be international standards for how the problem is handled.

McCaul (R-Texas), speaking during a cybersecurity event sponsored by the United States Chamber of Commerce, said that while the Apple-FBI fight was going on earlier this year, he agreed with the prevailing sentiment in law enforcement and government at the time, which was that Apple should accede to the FBI’s demands. That would have meant building a compromised version of iOS that the fBI could load onto an iPhone used by a dead terrorist, something that Apple executives refused to do.  The FBI eventually paid a third party for a technique that was able to give the bureau access to the phone without Apple’s help.

“The easy knee-jerk solution I thought was let’s just put a back door in everyone’s iPhone that law enforcement can access. Simple, makes sense,” McCaul said.

“Putting in a back door isn’t the solution.”

However, McCaul said he realized that method might solve the problem at hand, but it would create many more down the road.

“Putting in a back door isn’t the solution. People don’t want the government to have access to their data. The government was asking Apple to put in codes to create a vulnerability that would kill their product. We think there’s a better way and a better solution to doing that.”

Pressure from the government to install weakened encryption or other access mechanisms could actually wind up encouraging vendors such as Apple or Google to move their operations to other countries, McCaul said. Apple iPhones are manufactured in China, but designed in the United States, and Android devices are built in many different countries. McCaul said his discussions with cryptographers and other experts have shifted his thinking on how the encryption question should be handled.

“I don’t see it as privacy versus security. I see it as security versus security,” he said. “I don’t want to weaken encryption and drive these companies offshore.”

Speaking earlier in the day, DJ Johnson, associate executive assistant director of the FBI, said he doesn’t see a clear answer, either.

“I don’t know what the resolution is to be perfectly honest with you. Clearly it’s impacting the work the FBI does. Default encryption has increased the amount of information and data the FBI can’t access even when we have a court order,” Johnson said.

As the debate continues, McCaul warned that lawmakers need to develop a strategy for dealing with this problem before it becomes an immediate problem. He suggested the need for a congressional commission to address the encryption issue.

“I believe we’re going to see an attack in the United States where they’re going to find these devices with encryption used to communicate. And what’s Congress going to do then? I don’t want to be in a knee-jerk situation,” McCaul said.

“Congress has to have a solution to this. There should be international standards and norms, just as there should be with cybersecurity. There’s no consequences in cyberspace.”

Image from Flickr stream of Mark Turnauckas