The debate over law enforcement access to encrypted communications ought to be over, one of the leading tech-savvy members of Congress said Friday, because police and intelligence agencies can break into almost any device they need.
“There is no such thing as an impenetrable device — doesn’t exist,” said Rep. Will Hurd, R-Texas. “So we gotta stop acting like there is, and we also gotta stop acting as if technology companies are not already incredibly involved in cooperating on counter-terrorism and crime.”
He told an event at the Bipartisan Policy Center that FBI special agents working “on the ground” with technology companies typically say “Our relationship’s amazing.”
His remarks came a few days after FBI General Counsel James Baker admitted for the first time that fewer than one-in-five of phones sent to the bureau’s labs because they’re locked can’t be opened.
In 2,095 out of 6,814 (31 percent) mobile devices analyzed by FBI forensic specialists, they found passcodes or passwords, Baker told a public meeting at the National Academy of Sciences on encryption and law enforcement.
But even for those 2,095 devices that were locked, investigators were able to open them in 1,210 cases, Baker said, according to reports — leaving just 880 (13 percent of the total number) devices beyond reach.
It’s not clear whether that number includes laptops and devices of any kind that might be broken or inaccessible for reasons other than encryption.
Hurd explained why: “If you know two people are talking in encrypted channels, you know a ton of stuff about them … You know a cellphone number, you know an email address, you know what apps they’re using … You can go to the email provider, you can go to the phone provider to get out all that information.”
All those other options, he said, undermined the law enforcement argument that encryption was causing them to “go dark.”
“When it comes to data in motion,” he added, “There’s so many other things you can do instead of demanding … [the right] to tell a company how to build their widget.”
With regard to the FBI “going dark” poster-child case — the iPhone used by the San Bernardino shooter — Hurd said that even before cracking the encryption, “We had all the pictures on the phone, we had all the contacts, we knew all the applications that were on the phone … Then after the fact when we finally got into it — there was nothing there.”
Encryption backdoors, he said, “is a topic that is squarely in the hands of Congress and Congress has been very clear through all the crypto wars where Congress stands.”
No bill calling for back doors has been passed by either chamber.
Hurd said he had asked law enforcement officials at both federal and state and local agencies, “What are the examples where the case went cold because of encryption?”
“I’ve asked for those examples,” he said, “I haven’t seen any … I haven’t been given a specific example of a case going cold because of encryption.”
He said that problems could be solved on a case-by-case basis by finding vulnerabilities in the device or by getting data from service providers.
“Now there’s gonna be a debate” in the new administration, he acknowledged, “But what we need to stop doing … is the private sector and the law enforcement community need to stop talking past one another.”
Former Deputy Attorney General Jamie Gorelick agreed. “I don’t think the rhetorical battle that we had [over backdoors] was helpful,” she said.
“We need to look for solutions,” she said, adding that they might be “technological.”
“I still don’t understand why key encryption [escrow], with very, very strongly held keys — not keys in the ethernet, but physical keys — could not be a solution here.”
Gorelick said she had “engaged with some of the best scientists in the country [on the key escrow issue and other possible tech solutions] and when you got underneath it, their reluctance was — ‘We like encryption.’”
“There have to be some ways in which we can square [those law enforcement and civil liberties] interests,” she concluded.
Hurd agreed: “We can protect our digital infrastructure, we can protect our civil liberties and we can chase bad guys all at the same time,” he argued, “It’s hard, but we can do it.”
“It starts with sober conversations when we aren’t in the middle of an attack,” he said, adding, “Encryption is good for our national security, it’s good for our economy, we need to be strengthening it not weakening it.”