As strong encryption becomes ubiquitous, law enforcement continues to grapple with gaining access to devices used by suspected criminals. There have been several proposals for fixing the "going dark" problem, though most would require companies to build in "back doors" to give investigators access, which tech and privacy experts decry as an unacceptable solution.
Whatever the ultimate solution, endless debate of the issue will get us nowhere, experts told the Senate Armed Services Committee during a July 14 hearing.
"Twelve months of taking testimony resulting in non-binding recommendations and a report will not adequately address the urgency of the problem," said Cyrus Vance, Manhattan district attorney.
The encryption debate erupted on the national scene in February when the FBI obtained a court order to impel Apple to unlock an iPhone used by a shooter involved in an attack in San Bernardino, California, in December.
In the wake of that fight, many legislators moved to one side of the debate: Promoting strong encryption for privacy and security reasons or pushing legislation that would require some form of back doors. Others, like Sen. Mark Warner, D-Va., and Rep. Michael McCaul, R-Texas, proposed a commission to settle the debate once and for all.
None of the proposed bills have made it to the floor of either chamber and the proposed commission has yet to be formed.
Members of the Armed Services Committee said they want to see more action and less talk.
"It's not that I oppose a commission — who could oppose a commission focused on this issue — but I feel a much greater sense of urgency, immediacy to address these concerns," Sen. Richard Blumenthal, D-Conn., said.
As a prosecutor, Vance urged legislators to find a way to ensure law enforcement can access devices so that no one can hide from the rule of law.
"Centuries of jurisprudence hold that no item — not a home, not a file cabinet, not a smartphone — is beyond the reach of a court order," he said, adding that the Fourth Amendment, not encryption, is the strongest safeguard to Americans' privacy.
However, as demonstrated in the clash between the FBI and Apple, the trend toward implementing strong encryption has pitted law enforcement against private sector companies, which in some cases develop privacy controls to ensure even the manufacturer can't access customer data.
"This going dark issue has become exponentially more problematic with the recent advent of default encryption," said Kenneth Wainstein, a former assistant attorney general for national security. "As a result, providers and manufacturers are now often completely unable to satisfy lawful court surveillance orders."
The hearing's three panelists were in agreement that a legislative solution will be preferable to letting the free market sort this out.
"The idea that the private sector believes they are the arbiter of that choice is both inappropriate and I think unnecessary because I don't think we have to choose," said John Inglis, a professor of cybersecurity studies at the U.S. Naval Academy and former deputy director of the NSA. "There are systems that deliver appropriate security for those systems … and at the same time deliver appropriate access for the government."
Wainstein noted the impression that there is a business case for companies not to seem "too cozy" with the government and law enforcement, however he said this is a false choice.
"There's been a change since the disclosures from Snowden," he said. "Part of what I'd like to see come out of this legislative process is the clear signal that we expect cooperation."
"Can you create an environment in which law enforcement, pursuant to a court order, can access communications and others cannot? That is the technological question that I think all of us are struggling with. I would suggest, respectfully, that the answer has to be, 'Yes,'" Vance said. "Surely, with all the other technological advances we have achieved, this is not impossible, there's just no direction or requirement that this be addressed by the tech industry and government in a coordinated manner."
"I view this issue as one of the most compelling for a whole variety of reasons and I intend for this committee to, if necessary, bring up separate legislation for an issue that has clearly not been resolved," Committee Chairman John McCain, R-Ariz., said.
With the House and Senate short on time before the upcoming election, it's unclear whether any legislation will be introduced this session, McCain said after a closed hearing with NSA Director Adm. Mike Rogers on July 12.
McCain declined to go into detail on the classified hearing but said he'd like to air these issues in a public forum.
"One thing I did talk to Adm. Rogers about is possibly having an open hearing because I think the challenges presented by this whole issue of cybersecurity deserved public debate and discussion," he said after the July 12 hearing. "Obviously we are polarized here, as we are in industry. So I think if we could — if he felt comfortable, and I don't know if he does or not — I think we should have an open hearing."
Defense News congressional reporter Joe Gould contributed to this report.