After New York and California tried to pass bills that ban phones from using disk encryption that only the device owners can decrypt, Senator John McCain wants a federal ban on all encryption that can’t be decrypted by companies and the government.
McCain called for new legislation that would not regulate a backdoor into technology services, but instead would prevent companies from adopting end-to-end encryption. Companies would always have to keep a key that can decrypt their users’ data whenever the government requests it.
This could stifle some innovations, not just in messaging platforms but also in industries such as healthcare, where new technologies have appeared that would either allow patients to be the only ones who can decrypt their medical records, or allow companies to encrypt the data so that they could still use it in aggregate but could not look at individual records.
Such systems could ensure that the data is essentially unhackable. This type of technology could prevent many of the large data breaches we’ve seen over the past two years, where hundreds of millions of people had their information stolen.
Senator McCain dismissed this as a concern, and actually seems to believe that such encryption is harmful to security, not helpful:
“We have to encourage companies and individuals who rely on encryption to recognize that our security is threatened, not encouraged, by technologies that place vital information outside the reach of law enforcement. Developing technologies that aid terrorists like Islamic State is not only harmful to our security, but it is ultimately an unwise business model.”
The Senator didn’t explain why exactly strong encryption would be an “unwise” business model for companies. So far, strong encryption seems to have worked quite well for companies such as Apple, which has pushed forward on the technology despite calls from the FBI’s chief, James Comey, to remove that type of encryption from iPhones and iPads.
Senator McCain also warned that we shouldn’t allow “safe spaces” for terrorists online. This is a message that has also been mirrored by Comey, as well as the UK’s Home Secretary, Theresa May, who has been promoting the Investigatory Powers bill that tries to force companies to “remove encryption” when asked by the government.
However, a recent study called Don’t Panic: Making Progress on the “Going Dark” Debate by Harvard researchers as well as civil libertarians, NSA officials, and a former Director of the National Counterterrorism Center under President Obama and a general counsel for the NSA, said that the FBI’s focus on encryption is too narrow. There are already many other tools that can be used for surveillance, and these tools are only going to grow in number in the near future as all Internet of Things (IoT) devices become “smart.” Even if people use encryption, there will be increasingly smaller places in which to hide, and therefore fewer “safe spaces,” as Senator McCain and others call them.
Former NSA chief Michael Hayden has also repeatedly said that the U.S. should adopt strong encryption, not fight it. Perhaps the NSA is pro-encryption because the people working there know how important cybersecurity is, but also because they know that encryption can be bypassed one way or another. In other words, the NSA must have a much broader view on encryption than the FBI does, not unlike what the Harvard study suggested everyone should have.
"To be sure, encryption and provider-opaque services make surveillance more difficult in certain cases, but the landscape is far more variegated than the [going dark] metaphor suggests. There are and will always be pockets of dimness and some dark spots – communications channels resistant to surveillance – but this does not mean we are completely ‘going dark.’ Some areas are more illuminated now than in the past and others are brightening," read the paper in part.
Senate Intelligence leader Richard Burr, and his high-ranking member, Dianne Feinstein, have already said that they are working on a bill that would guarantee law enforcement access to encrypted data. However, House Intelligence leaders haven't shown much willingness to support such a bill so far.
Senators McCain, Feinstein, and Burr voted for the Patriot Act and FISA and all related extensions over the past 15 years. They also all voted against the minor surveillance reforms in the USA Freedom Act, which barely managed to pass the Senate last year.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.