[Cryptography] Senator Burr: Stopping Terrorists From 'Going Dark'
Henry Baker
hbaker1 at pipeline.com
Mon Dec 28 16:21:05 EST 2015
FYI --
'Sen. Elizabeth Warren wrote letters to six federal agencies voicing concerns that banks were using Symphony, an encrypted messaging system that could prevent regulators from detecting illegal activities.'
'the banks agreed to store decryption keys with independent custodians, and Symphony agreed to retain electronic communications for seven years.'
http://www.wsj.com/articles/stopping-terrorists-from-going-dark-1450914378
The Debate Over Encryption: Stopping Terrorists From 'Going Dark'
Encrypted devices block law enforcement from collecting evidence. Period.
By RICHARD BURR
Dec. 23, 2015 6:46 p.m. ET
While the terrorist attacks in Paris, San Bernardino, Calif., and Garland,
Texas, have brought discussions about encryption to the front pages, criminals
in the U.S. have been using this technology for years to cover their tracks.
The time has come for Congress and technology companies to discuss how
encryption--encoding messages to protect their content--is enabling murderers,
pedophiles, drug dealers and, increasingly, terrorists.
Consumer information should be protected, and the development of stronger and
more robust levels of encryption is necessary. Unfortunately, the protection
that encryption provides law-abiding citizens is also available to criminals
and terrorists. Today's messaging systems are often designed so that companies'
own developers cannot gain access to encrypted content--and, alarmingly, not
even when compelled by a court order. This allows criminals and terrorists, as
the law enforcement community says, to "go dark" and plot with abandon.
Leaving aside the terrorism challenges, encryption is affecting the
investigations of kidnapping, child pornography, gang activity and other
crimes. Federal, state, local and tribal law-enforcement officers can obtain
legal authority to conduct electronic communications surveillance on terrorists
and criminals. But encrypted devices and applications sometimes block access to
the data. This means that even when the government has shown probable cause
under the Fourth Amendment, it cannot acquire the evidence it seeks.
Technology has outpaced the law. The core statute, the Communications
Assistance for Law Enforcement Act, was enacted in 1994, more than a decade
before the iPhone existed. The law requires telecommunications carriers--for
instance, phone companies--to build into their equipment the capability for law
enforcement to intercept communications in real time. The problem is that it
doesn't apply to other providers of electronic communications, including those
supporting encrypted applications.
Federal Bureau of Investigation Director James Comey has said that one of the
two Garland, Texas, shooters who died carrying out an attack on a Muhammad art
exhibit in May exchanged 109 messages with an operative overseas. "We have no
idea what he said," Mr. Comey told the Senate this month, "because those
messages were encrypted." He described this as a "big problem"--and I couldn't
agree more.
Last month Manhattan District Attorney Cyrus R. Vance Jr. released an in-depth
report specifically on "smartphone encryption and public safety." Many
cellphones, including those designed by Apple and Google, now encrypt by
default all the data they store, which is accessible only with a passcode.
No one, not even the manufacturer, can access a passcode-locked phone. Apple
has even touted this as a feature, telling customers that "it's not technically
feasible for us to respond to government warrants for the extraction of this
data from devices." The report states that "passcode-protected devices render
lawful court orders meaningless and encourage criminals to act with impunity.
The ultimate losers in this equation are crime victims."
The authors conclude: "Congress should enact a statute that requires any
designer of an operating system for a smartphone or tablet manufactured,
leased, or sold in the U.S. to ensure that data on its devices is accessible
pursuant to a search warrant. Such a law would be well within Congress's
Commerce Clause powers, and does not require costly or difficult technological
innovations."
The challenges presented by encryption extend to financial transactions. In
August Sen. Elizabeth Warren wrote letters to six federal agencies voicing
concerns that banks were using Symphony, an encrypted messaging system that
could prevent regulators from detecting illegal activities. The letter came
shortly after New York's top banking regulator, the New York State Department
of Financial Services, raised the same concern with several major banks and
Symphony's developer.
In response, the banks agreed to store decryption keys with independent
custodians, and Symphony agreed to retain electronic communications for seven
years. All parties also agreed to a periodic review process to make sure that
oversight keeps in sync with new technologies.
It would seem to me that daily financial flows shouldn't command more attention
than terrorist or criminal communications, yet here we are. Although the
agreement described above may not be the solution for all encrypted
communications, it does show that cooperative solutions are possible.
I and other lawmakers in Washington would like to work with America's leading
tech companies to solve this problem, but we fear they may balk. When Apple
objected to a recent court order in a New York criminal case requiring it to
unlock an iPhone running iOS 7--an operating system that Apple can unlock--the
company refused, arguing: "This is a matter for Congress to decide." On that
point, Apple and I agree. It's time to update the law.
Mr. Burr, a Republican senator from North Carolina, is the chairman of the
Senate Select Committee on Intelligence.
More information about the cryptography
mailing list