By Joseph Marks
Senate Judiciary Committee Chairman Lindsey Graham, (R-S.C). (AP Photo/J. Scott Applewhite)
Lawmakers are giving big tech firms an ultimatum: Give police access to encrypted communications or we'll force you.
That warning, delivered by senator after senator during a Senate Judiciary Committee hearing yesterday, reflects the fierce anti-encryption mood now reigning on Capitol Hill -- and how the Justice Department's warnings about how the digital protection allows child sex traffickers and other criminals to act with impunity seem to be moving the needle.
“It ain’t complicated for me. You’re going to find a way to do this or we’re going to do it for you,” committee chairman Lindsey Graham (R-S.C.) told representatives from Facebook and Apple. “We’re not going to live in a world where a bunch of child abusers can have a safe haven to practice their craft. Period. End of discussion."
Graham added, "You’re either the solution or you’re the problem.”
Similar warnings came from the committee’s top Democrat, Dianne Feinstein (Calif.) and Republican Sens. Joni Ernst (Iowa), John Cornyn (Texas) and Marsha Blackburn (Tenn.) who charged the companies are “creating a sanctuary” for criminals. “You all have got to get your act together or we will gladly get your act together for you,” Blackburn said.
The lawmakers’ with-us-or-against us approach marks a huge about-face from a few years ago, when Congress seemed more split on whether advanced encryption provided a dangerous haven for criminals or a vital protection for all Americans.
Back in 2016, even Graham warned the Obama Justice Department against trying to legally force Apple to help break into an encrypted iPhone used by San Bernardino shooter Syed Farook, saying the precedent could backfire and damage national security.
“I’m a person who’s been moved by the arguments [about] the damage we may be doing to our national security,” Graham told then-Attorney General Loretta Lynch. Graham’s office didn’t respond to a query asking for details about his shifting position.
The hearing's comments make it more likely the Justice Department will double down on its pivot to focus on the dangers of child sexual exploitation and trafficking, rather than how terrorists could use encrypted communications to plan operations.
Tech companies, meanwhile, are calling lawmakers’ bluff and arguing there’s no technical way to give police access to encryption without letting criminals in, too -- and making their users significantly more vulnerable.
As the hearing began, Facebook released a letter refusing a request from Attorney General William P. Barr to delay expanding encryption across its messaging services, as my colleague Tony Romm reported.
“People’s private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security,” the company wrote.
Barr charged in an open letter to Facebook in October that the company’s adoption of broader encryption could cut the 16.8 million reports of child sexual exploitation and abuse content it delivered to the National Center for Missing and Exploited Children in 2018 to just 5 million or less.
Jay Sullivan, a Facebook privacy executive, countered during the hearing that the company can detect some child exploitation even when account contents are blocked by encryption by monitoring the size and nature of files. Facebook-owned WhatsApp removes about 250,000 encrypted accounts each month for child abuse, he said.
Lawmakers are also riding a wave of public anger at Facebook and other tech companies, following myriad privacy debacles that have compromised the personal information of millions of Americans.
Encryption advocates are fighting back, though, arguing that focusing on criminals fails to acknowledge the danger that billions of non-criminals who use encrypted systems from Facebook, Apple, Google and other companies would face without strong encryption.
Here’s Amie Stepanovich, executive director of Silicon Flatirons, an innovation center at the University of Colorado, Boulder:
Whitehouse asks if Apple is willing to accept liability if someone dies because of encryption.— Amie Stepanovich (@astepanovich) December 10, 2019
Who accepts liability if (when) someone dies because of inadequate/lack of encryption?
For example, I have asked for a focus on making actual adequate legal standards for government hacking. That would be good for CSAM and other investigations and good for people. But even if we had that, we would still fight encryption. LE wants both/all.— Amie Stepanovich (@astepanovich) December 10, 2019
Here’s Johns Hopkins Professor of Strategic Studies Thomas Rid, who argued in advance of the hearings that protecting encryption is more important than the impeachment debate:
Unpopular, hard truth: the future of end-to-end encryption is more important than the future of this administration, and these hearings—yes, there's a low but nonzero probability of meaningful legislation—are probably more significant than this entire impeachment procedure.— Thomas Rid (@RidT) December 6, 2019
PINGED, PATCHED, PWNEDPINGED: Secretary of State Mike Pompeo scrapped with Russian Foreign Minister Sergei Lavrov during a public appearance yesterday after Lavrov denied Russian interference in the 2016 election. Pompeo declared the United States had "shared plenty of facts to show what happened" and that the interference was "unacceptable," my colleagues John Hudson and Anne Gearan report.
“Lavrov said Russia has demanded that the United States provide evidence of election interference, but when asked by a reporter why he doesn’t simply ‘read the Mueller report,’ Lavrov dismissed the suggestion,” my colleagues reported.
President Trump, who has wavered on whether he believes Russia was involved, also warned Lavrov against interference, he said on Twitter. But Lavrov denied that the two discussed election interference during their meeting, The Hill reports.
Just had a very good meeting with Foreign Minister Sergey Lavrov and representatives of Russia. Discussed many items including Trade, Iran, North Korea, INF Treaty, Nuclear Arms Control, and Election Meddling. Look forward to continuing our dialogue in the near future! pic.twitter.com/tHecH9a9ck— Donald J. Trump (@realDonaldTrump) December 10, 2019
Senator Elizabeth Warren REUTERS/Scott Morgan/File Photo
"These problems threaten the integrity of our elections and demonstrate the importance of election systems that are strong, durable and not vulnerable to attack," the group wrote.
The letters were sent by Sens. Elizabeth Warren (D-Mass), Ron Wyden (D-Ore.) Amy Klobuchar (D-Minn.), and Rep. Mark Pocan (D-Wis.) to private equity owners of Election Systems & Software, Dominion Voting Systems, and Hart InterCivic, which control about 90 percent of the voting machine market. Warren, a 2020 presidential candidate, and Pocan are sponsors of Senate and House bills that would impose new transparency requirements on private equity firms.
The lawmakers want to know how much the firms invest in research, development and maintenance that could improve election security.
FILE PHOTO: Former U.S. counterterrorism coordinator Richard Clarke REUTERS/Kevin Lamarque
Reuters previously reported that former U.S. intelligence agents were involved in the project.
The idea for the agency, which would eventually operate under the codename "Project Raven," was to track terrorists, Clarke told Reuters. The participation of Clarke and other former U.S. officials was approved by the State Department and the National Security Agency, he said. Clarke's company Good Harbor Consulting gave up control of the project in 2010 but it continued to employ numerous former U.S. officials after that .
One of Clarke's former partners expressed disgust at how the program evolved.
“I have felt revulsion reading what ultimately happened,” Paul Kurts, Clarke's former partner and former senior director for national security at the White House told Reuters. He called for greater oversight of the use of U.S. cyber talent abroad, something that members of Congress have also pressed for.