Senator McCain Calls For End-To-End Encryption Ban In US

After New York and California tried to pass bills that ban phones from using disk encryption that only the device owners can decrypt, senator John McCain wants to ban all encryption that can’t be decrypted by companies and the government at the federal level.

McCain called for new legislation that would not regulate a backdoor into technology services, but instead would prevent companies from adopting end-to-end encryption. Companies would have to always keep the key that would decrypt the users’ data anytime the government requests it.

This could stifle some innovations, not just in messaging platforms, but also in industries such as healthcare, where new technologies have appeared that would either allow patients to be the only ones that can decrypt their medical records, or it would allow companies to encrypt the data in a way that they could still use the data in aggregate, but they wouldn’t be able to look at individual records.

Such systems could ensure that the data is essentially unhackable. This type of technology could prevent many of the large data breaches we’ve seen over the past two years, where hundreds of millions of people had their information stolen.

Senator McCain dismissed this as a concern, and actually seems to believe that such encryption is harmful to security, not helpful:

“We have to encourage companies and individuals who rely on encryption to recognize that our security is threatened, not encouraged, by technologies that place vital information outside the reach of law enforcement. Developing technologies that aid terrorists like Islamic State is not only harmful to our security, but it is ultimately an unwise business model.”

The Senator didn’t explain why exactly strong encryption would be an “unwise” business model for companies. So far, strong encryption seems to have worked quite well for companies such as Apple, who have pushed forward on the technology despite calls from FBI’s chief, James Comey, to remove that type of encryption from iPhones and iPads.

Senator McCain also warned that we shouldn’t allow “safe spaces” for terrorists online. This is a message that has also been mirrored by Comey, as well as the UK’s Home Secretary, Theresa May, who has been promoting the Investigatory Powers bill that tries to force companies to “remove encryption” when asked by the government.

However, a recent study called Don’t Panic: Making Progress on the “Going Dark” Debate (pdf) by Harvard researchers as well as civil libertarians, NSA officials, and a former Director of the National Counterterrorism Center under President Obama and a general counsel for the NSA, said that the FBI’s focus on encryption is too narrow. There are already many other tools that can be used for surveillance, and these tools are only going to grow in number in the near future as all Internet of Things (IoT) devices become “smart.” Even if people use encryption, there will be increasingly smaller places in which to hide, and therefore fewer “safe spaces,” as Senator McCain and others call them.

Former NSA chief Michael Hayden has also repeatedly said that the U.S. should adopt strong encryption, not fight it. Perhaps the reasons why the NSA is pro-encryption is because the people working there know how important cybersecurity is, but also because they know that encryption can be bypassed one way or another. In other words, the NSA must have a much broader view on encryption than the FBI does, not unlike what the Harvard study suggested everyone should have.

"To be sure, encryption and provider-opaque services make surveillance more difficult in certain cases, but the landscape is far more variegated than the [going dark] metaphor suggests. There are and will always be pockets of 10 dimness and some dark spots – communications channels resistant to surveillance – but this does not mean we are completely ‘going dark.’ Some areas are more illuminated now than in the past and others are brightening," read the paper in part.

Senate Intelligence leader Richard Burr, and his high-ranking member, Dianne Feinstein, have already said that they are working on a bill that would guarantee law enforcement access to encrypted data. However, House Intelligence leaders haven't shown much willingness to support such a bill so far.

Senators McCain, Feinstein, and Burr voted for the Patriot Act and FISA and all related extensions over the past 15 years. They also all voted against the minor surveillance reforms in the USA Freedom Act, which barely managed to pass the Senate last year.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+RSSTwitter and YouTube.

Create a new thread in the News comments forum about this subject
This thread is closed for comments
40 comments
    Your comment
    Top Comments
  • RIPPEDDRAGON
    To summarize, remove encryption from business because you can enforce it easily and leaving companies more vulnerable than today. Lets just let Chinese gvt hackers right in and build these "back doors" that no one other than the "good guys" will find...ROFL WTF I don't know how he plans on stopping terrorists from working on their own devices and encrypting them... Its takes minutes to install an app and start chatting encrypted or to encrypt your phone. There are so many different levels and types of encryption and he sees it as a scary blanket term that terrorists use to hide from the US. Too bad YOU CANT STOP MATH Mc Cain.

    I am guessing Mc Cain needs a rotary dial app on his phone just so he can use it.
    19
  • scannall
    What security is threatened? Spell it out please, and provide examples where something was actually prevented by having access to someone's private data. "Our security is threatened" is a rather nebulous thing, more to spread fear than being actually productive.

    End to end encryption overall is good for both personal and national security. No backdoors means there is nothing to hack into for either good guys or bad guys. And last time I checked, the bad guys are pretty adept at getting into things.

    So the US gets their backdoor, all rosy just for them. Then China demands one, followed by say India. Who and how do you tell someone they can't have a backdoor once the camels nose is under the tent?

    Not to mention economic harm to American tech companies trying to sell their products overseas.
    18
  • Pedasc
    I don't understand the reasoning here. Even if they stop companies from using end-to-end encryption what is there in place to stop the terrorists from creating their own encryption programs? I doubt it would even take someone with enough tech savvy very long to come up with a way that would circumvent this and protect themselves. They are probably already doing this just out of shear paranoia. This only seems to expose legitimate companies to possible spying.
    12
  • Other Comments
  • RIPPEDDRAGON
    To summarize, remove encryption from business because you can enforce it easily and leaving companies more vulnerable than today. Lets just let Chinese gvt hackers right in and build these "back doors" that no one other than the "good guys" will find...ROFL WTF I don't know how he plans on stopping terrorists from working on their own devices and encrypting them... Its takes minutes to install an app and start chatting encrypted or to encrypt your phone. There are so many different levels and types of encryption and he sees it as a scary blanket term that terrorists use to hide from the US. Too bad YOU CANT STOP MATH Mc Cain.

    I am guessing Mc Cain needs a rotary dial app on his phone just so he can use it.
    19
  • Pedasc
    I don't understand the reasoning here. Even if they stop companies from using end-to-end encryption what is there in place to stop the terrorists from creating their own encryption programs? I doubt it would even take someone with enough tech savvy very long to come up with a way that would circumvent this and protect themselves. They are probably already doing this just out of shear paranoia. This only seems to expose legitimate companies to possible spying.
    12
  • scannall
    What security is threatened? Spell it out please, and provide examples where something was actually prevented by having access to someone's private data. "Our security is threatened" is a rather nebulous thing, more to spread fear than being actually productive.

    End to end encryption overall is good for both personal and national security. No backdoors means there is nothing to hack into for either good guys or bad guys. And last time I checked, the bad guys are pretty adept at getting into things.

    So the US gets their backdoor, all rosy just for them. Then China demands one, followed by say India. Who and how do you tell someone they can't have a backdoor once the camels nose is under the tent?

    Not to mention economic harm to American tech companies trying to sell their products overseas.
    18