With a new president and Congress entering Washington, D.C., the encryption debate will shift dramatically from what it looked like just one year ago during the height of the fight between Apple and FBI.
With a bipartisan congressional consensus building against backdoors, the focus will move significantly toward giving law enforcement and intelligence agencies more resources, tools and legal means for offensive hacking in order to access whatever encrypted data comes into their crosshairs.
“Encryption backdoors will be one of the major things we will pick up in the new Congress,” Rep. Darrell Issa, R-Calif., said during the 2017 CES conference in Las Vegas last week. A a member of the House Encryption Working Group that warned strongly against weakening encryption last year, Issa warned that an array of national security justifications will continue to be used in the debate over unfettered government access.
“If that doesn’t scare a lot of the people in this room, learn more about encryption,” he said.
But none of the lawmakers at the technology conference thought back doors were the most likely outcome of the debate.
“Legislation is not needed,” Rep. Will Hurd, R-Texas, a former CIA officer and one of the few congressman with a computer science degree. “We are not going to legislate backdoors.”
“It seems there is bipartisan consensus against encryption backdoors,” Rep. Eric Swalwell, D-Calif., said. “The solution is to give FBI the best tools possible.”
The lawmakers want more funding and resources pushed to government hackers in order to fend off the myriad global targets and threats.
The most high-profile encryption debate so far, Apple vs. FBI, is being held up as an example of a possible increase in funding. After months of clashes between law enforcement and the tech community, the FBI ended up buying an exploit from a third party vendor that allowed them to unlock the iPhone of one of the shooters in the deadly San Bernardino attack. The purchased exploit circumvented the need for a backdoor engineered by Apple.
“Does anyone truly believe there’s a widget that’s impenetrable to attack?” Hurd said.
FBI Director James Comey has said the vulnerability was very expensive. We don’t know the exact price, but it was under $1 million. Hurd, however, argued that the price on specific operations shouldn’t be a focus when it comes to this national security issue.
That’s not to say the encryption date is suddenly over. Comey and his allies have made clear that it will be a flashpoint again in 2017.
“I can’t resist talking about encryption and going dark,” he said last year at the Symantec Government Symposium.
One massive wild card in such a debate is another terrorist attack. In much the same way that the San Bernardino shooting helped trigger the Apple vs. FBI fight over iPhone encryption, there is great worry among encryption-defenders that another attack could upend the debate in Washington and around the country.
“We have to be thoughtful about security but we can’t overreact,” Issa said.
Among the congressmen at CES, there was also bipartisan consensus that President-elect Donald Trump had no idea what he was talking about when it came to the most important technology issues facing Washington, but is building an administration filled with advisers who possess the right pedigree.
“The technocrats brought in will make policy,” Hurd said.
Trump’s team did not reply to a request for comment. The president-elect himself has made a series of statements hostile to encryption including calling for a boycott of Apple during the high profile encryption debate last year. Trump never mentioned the boycott again.
A fight over expanding government hacking erupted last year over went into effect that make it easier for the government to hack into potentially millions of computers, as well as to obtain warrants for computers when the location is unknown. While the adoption of Rule 41 provoked criticism from privacy advocates and senators, the Department of Justice celebrated the “good news” of its passing.
The move toward greater funding for hacking comes as Senate Armed Services Chairman John McCain, R-Ariz., and House Armed Services Chairman Mac Thornberry, R-Texas, are expected to push for an increase the national defense budget to $640 billion, according to Politico. Much of the money will go toward a larger Navy, Army and Marine Corps. It’s not difficult to imagine significant resources going toward cyber in various arenas, but there are no specifics available yet.
There’s a blurred and shifting line between law enforcement, military and intelligence agencies — some organizations qualify as all three and much is shared between the different groups — that makes it tricky this early in 2017 to disentangle exactly what the new funding would go toward. More specific answers will emerge over the course of the year.