The Congressional Encryption Working Group (EWG) released a year-end report this week stating specifically that, “strong encryption is essential to both individual privacy and national security.” This leaves me with hope, even though the report contained a few mixed messages.
The Encryption Working Group
The EWG was set up by the House Judiciary Committee and House Energy and Commerce Committee to (re)study the subject of encryption. Much of the group’s work represented in this report was precipitated by the epic fight in 2016 between the FBI and Apple over access to a locked iPhone used by a dead terrorist in late 2015.
Membership of the 10-member group is half Republican and half Democrat, and their job is to do a deep dive into encryption on behalf of their committees. Their work would, in theory, be used to help develop legislation coming out of either committee.
In other words, the EWG is sort of a focus group tasked with doing the heavy lifting in understanding encryption.
You can read the full report on Patently Apple, which posted the full document to Sribd.
The Good in the Report
There was a lot of good stuff in this report. Specifically, it openly embraced the reality that if governments have backdoor keys to encryption, it’s worthless. Here’s a representative quote:
Cryptography experts and information security professionals believe that it is exceedingly difficult and impractical, if not impossible, to devise and implement a system that gives law enforcement exceptional access to encrypted data without also compromising security against hackers, industrial spies, and other malicious actors.
That is about as accurate as you could possibly hope for. Here’s another, which was the headline piece for what the EWG called “Observation #1:”
Any measure that weakens encryption works against the national interest.
That’s an important point, one that General Michael Hayden and members of the intelligence community have said publicly for years. While you, dear reader, and I might be most concerned about keeping our own data safe from hackers and thieves, the national interest and national security will weigh more heavily on Congress.
There is much more about the importance of encryption in the full report.
The Not So Good in the Report
Also on the accurate side of the report (from my perspective) is direct acknowledgment that, “the widespread adoption of encryption has had a profound impact on the law enforcement community.” This is true, absolutely.
From there, however, we get into mixed messages. For instance, the next quote includes one of the most powerful statements on the need for encryption, but it’s followed by a completely contradictory statement about law enforcement.
Congress should not weaken this vital technology because doing so works against the national interest. However, it should not ignore and must address the legitimate concerns of the law enforcement and intelligence communities
Heretofore, legions of people far smarter than me have concluded there’s no compromise on encryption. It’s hard to see how, when it comes to encryption, you can “address the legitimate concerns” of law enforcement.
There are other similarly contradictory statements throughout the report.
Proposals from the EWG
To be fair the report does outline some steps that would help law enforcement, but those steps don’t specifically address encryption. They include:
- Creating unspecified “tools” to help law enforcement know what they can and can’t do
- Possibly modifying warrant procedures in an unspecified manner
- Clarifying warrant procedures
- Reminding law enforcement that there are a crap ton of tools already at their disposal that don’t require screwing the nation (and the planet) on encryption
- “Modernizing the National Domestic Communications Assistance Center” in an unspecified manner
Those proposals are solid and common sense—if vague. And, they don’t address the friction between law enforcement and encryption. As noted above, that’s because there is no addressing that friction. If we’re to be safe from the bad guys, law enforcement is going to have a harder job. That’s all there is to it.
A New Hope
Reading this report gives me new hope that Congress won’t mess encryption up. While some members of Congress steadfastly side with the “Of course law enforcement should be able to get at encrypted data” camp—Trey Gowdy (R-SC) and Jim Senssenbrenner (R-WI) spring to mind—the EWG appears to have listened to the people who actually understand this stuff.