30 Nov

Fights over Internet encryption extend from Paris to privacy

This month’s terrorist gunfire in Paris echoed around the world, and could be heard quickly in the long-running, nonstop argument of how closely the U.S. government can monitor its own citizens.

Almost immediately, CIA director John Brennan complained to a group in Washington that, “in the past several years, because of a number of unauthorized disclosures and a lot of hand-wringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that are taken that make our ability collectively, internationally, to find these terrorists much more challenging.”

Or, as Sen. Ron Wyden, D-Ore., put it in an interview, “As soon as Paris happened, Brennan was right there complaining that Congress is taking away tools” that could protect Americans.
“The facts just clearly reveal otherwise.”

For more than a decade, Wyden, a senior member of the Senate intelligence committee, has been a loud congressional voice challenging government surveillance activities, an effort leading to Congress’ recent banning mass surveillance of Americans’ telephone habits. In March, Wyden cast the only vote against the committee’s endorsing the new Cybersecurity Information Sharing Act, providing a route for companies to share on-line data with the government, which the Senate passed last month.

He’s holding his line.

“It’s very obvious, in the passion of the moment, we’re clearly having some knee-jerk responses,” says Wyden. “We’ll see how serious John Brennan is about trying to revisit mass surveillance.”

At bottom, Wyden’s certain, “The American people want safety, and they want liberty.” Sacrificing one for the other, he warns, leads to a “lose-lose” outcome.

On Brennan’s resistance to the congressional ban on mass collection of metadata – records of who was called, when and for how long – Wyden reads repeatedly from page 104 of the report of a presidential commission studying Patriot Act intelligence collection: “The information contributed to terrorist investigations by the use of section 215 telephony metadata was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.”

On the other hand, the data did fill up a lot of government hard drives.

The Paris massacre has focused more attention on another high-tech theme, data encryption, an issue heightened by massive hackings of both corporate and government data bases. The CISA Act provides a way for companies to provide encrypted data to government, but some intelligence sources are also seeking more: encryption keys given to government agencies to let them get in themselves.

Reports have spread of the Paris terrorists allegedly “going dark” in the days before the attack, meaning turning to communications law enforcement couldn’t follow. “There are a lot of technological capabilities that are available right now,” says Brennan, “that make it exceptionally difficult both technically as well as legally for intelligence security services to have the insight they need to uncover it.” To some in law enforcement and counterintelligence, encryption keys have a powerful allure.

Wyden has led the opposition, with the support of privacy advocates and some major tech companies, such as Apple and Twitter. He has argued not only on the Senate floor and in committee, but – appropriately enough – extensively on-line. “Security experts have shown again and again,” he wrote on Medium.com last week, “that weakening encryption will make it easier for foreign hackers, criminals and spies to break into Americans’ bank accounts, health records and phones, without preventing terrorists from ‘going dark.’”

Considering hackers’ success in getting into protected sites, it’s hard for Wyden to imagine that they couldn’t get to the encryption keys. “Encryption back doors,” he said in a recent interview, “would do more to harm American security than anything else.”

Last week, the web site TechCrunch reported that the encryption battle wasn’t taking Thanksgiving off, citing a Wall Street Journal report that the Obama administration – which in October had opposed encryption keys for government – was reopening conversations with Silicon Valley companies on the subject.

They might be challenging conversations. “The reality is that if you have an open door in your software for the good guys, the bad guys get in there, too,” Apple CEO Tim Cook told NPR in October. “I don’t support a back door for any government, ever.”

Immediate reaction to 9/11 produced the Patriot Act, which then took years to clean up, and the argument now is over the immediate reaction to Paris. “That’s what you can expect when everybody comes back Nov. 30,” predicted Wyden just before the Thanksgiving recess.

Following that fight won’t take an encryption key.

NOTE: This column appeared in The Sunday Oregonian, 11/29/15.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>