[Cryptography] Senator Burr: Stopping Terrorists From 'Going Dark'

Henry Baker hbaker1 at pipeline.com
Mon Dec 28 16:21:05 EST 2015


FYI --

'Sen. Elizabeth Warren wrote letters to six federal agencies voicing concerns that banks were using Symphony, an encrypted messaging system that could prevent regulators from detecting illegal activities.'

'the banks agreed to store decryption keys with independent custodians, and Symphony agreed to retain electronic communications for seven years.'

http://www.wsj.com/articles/stopping-terrorists-from-going-dark-1450914378

The Debate Over Encryption: Stopping Terrorists From 'Going Dark'

Encrypted devices block law enforcement from collecting evidence.  Period.

By RICHARD BURR

Dec. 23, 2015 6:46 p.m. ET

While the terrorist attacks in Paris, San Bernardino, Calif., and Garland, 
Texas, have brought discussions about encryption to the front pages, criminals 
in the U.S. have been using this technology for years to cover their tracks. 
The time has come for Congress and technology companies to discuss how 
encryption--encoding messages to protect their content--is enabling murderers, 
pedophiles, drug dealers and, increasingly, terrorists.

Consumer information should be protected, and the development of stronger and 
more robust levels of encryption is necessary.  Unfortunately, the protection 
that encryption provides law-abiding citizens is also available to criminals 
and terrorists.  Today's messaging systems are often designed so that companies' 
own developers cannot gain access to encrypted content--and, alarmingly, not 
even when compelled by a court order.  This allows criminals and terrorists, as 
the law enforcement community says, to "go dark" and plot with abandon.

Leaving aside the terrorism challenges, encryption is affecting the 
investigations of kidnapping, child pornography, gang activity and other 
crimes.  Federal, state, local and tribal law-enforcement officers can obtain 
legal authority to conduct electronic communications surveillance on terrorists 
and criminals.  But encrypted devices and applications sometimes block access to 
the data.  This means that even when the government has shown probable cause 
under the Fourth Amendment, it cannot acquire the evidence it seeks.

Technology has outpaced the law.  The core statute, the Communications 
Assistance for Law Enforcement Act, was enacted in 1994, more than a decade 
before the iPhone existed.  The law requires telecommunications carriers--for 
instance, phone companies--to build into their equipment the capability for law 
enforcement to intercept communications in real time.  The problem is that it 
doesn't apply to other providers of electronic communications, including those 
supporting encrypted applications.

Federal Bureau of Investigation Director James Comey has said that one of the 
two Garland, Texas, shooters who died carrying out an attack on a Muhammad art 
exhibit in May exchanged 109 messages with an operative overseas.  "We have no 
idea what he said," Mr. Comey told the Senate this month, "because those 
messages were encrypted."  He described this as a "big problem"--and I couldn't 
agree more.

Last month Manhattan District Attorney Cyrus R. Vance Jr. released an in-depth 
report specifically on "smartphone encryption and public safety."  Many 
cellphones, including those designed by Apple and Google, now encrypt by 
default all the data they store, which is accessible only with a passcode. 

No one, not even the manufacturer, can access a passcode-locked phone.  Apple 
has even touted this as a feature, telling customers that "it's not technically 
feasible for us to respond to government warrants for the extraction of this 
data from devices."  The report states that "passcode-protected devices render 
lawful court orders meaningless and encourage criminals to act with impunity. 
The ultimate losers in this equation are crime victims."

The authors conclude: "Congress should enact a statute that requires any 
designer of an operating system for a smartphone or tablet manufactured, 
leased, or sold in the U.S. to ensure that data on its devices is accessible 
pursuant to a search warrant.  Such a law would be well within Congress's 
Commerce Clause powers, and does not require costly or difficult technological 
innovations."

The challenges presented by encryption extend to financial transactions.  In 
August Sen. Elizabeth Warren wrote letters to six federal agencies voicing 
concerns that banks were using Symphony, an encrypted messaging system that 
could prevent regulators from detecting illegal activities.  The letter came 
shortly after New York's top banking regulator, the New York State Department 
of Financial Services, raised the same concern with several major banks and 
Symphony's developer.

In response, the banks agreed to store decryption keys with independent 
custodians, and Symphony agreed to retain electronic communications for seven 
years.  All parties also agreed to a periodic review process to make sure that 
oversight keeps in sync with new technologies.

It would seem to me that daily financial flows shouldn't command more attention 
than terrorist or criminal communications, yet here we are.  Although the 
agreement described above may not be the solution for all encrypted 
communications, it does show that cooperative solutions are possible.

I and other lawmakers in Washington would like to work with America's leading 
tech companies to solve this problem, but we fear they may balk.  When Apple 
objected to a recent court order in a New York criminal case requiring it to 
unlock an iPhone running iOS 7--an operating system that Apple can unlock--the 
company refused, arguing: "This is a matter for Congress to decide." On that 
point, Apple and I agree.  It's time to update the law.

Mr. Burr, a Republican senator from North Carolina, is the chairman of the 
Senate Select Committee on Intelligence.


