Chairman Goodlatte: We welcome everyone today to this timely and important hearing on encryption.
Encryption is a good thing. It prevents crime, it prevents terrorist attacks. It keeps our most valuable information safe. Yet it is not used as effectively today as is necessary to protect against the ever increasing sophistication of foreign governments, criminal enterprises and just plain hackers.
We see this manifest almost every week in the reports of losses of massive amounts of our most valuable information from government agencies, retailers, financial institutions, and individuals. From identity theft to the compromising of our infrastructure, to our economic and military security, encryption must play an ever-increasing role and the companies that develop it must be encouraged to increase its effectiveness.
Encryption is a topic that may sound arcane or only the province of “techies,” but, in fact, is a subject whose solutions will have far-reaching and lasting consequences.
The Judiciary Committee is a particularly appropriate forum for this Congressional debate to occur. As the committee of exclusive jurisdiction over the U.S. Constitution, the Bill of Rights, and the federal criminal laws and procedures, we are well-versed in the perennial struggle between protecting Americans’ privacy and enabling robust public safety. This Committee is accustomed to addressing many of the significant legal questions arising from laws that govern surveillance and government access to communications, particularly the Wiretap Act, the Electronic Communications Privacy Act, the Foreign Intelligence Surveillance Act, and the Communications Assistance to Law Enforcement Act, otherwise known as CALEA.
Today’s hearing is a continuation of the Committee’s work on encryption – work that Congress is best-suited to resolve.
As the hearing title indicates, society has been walking a tightrope for generations in attempting to balance the security and privacy of Americans’ communications with the needs of our law enforcement and intelligence agencies. In fact, the entire world now faces a similar predicament, particularly as our commerce and communications bleed over international boundaries on a daily basis.
Encryption, in securing data in motion and in storage, is a valuable technological tool that enhances Americans’ privacy, protects our personal safety and national security, and ensures the free flow of our nation’s commerce. Nevertheless, as encryption has increasingly become a ubiquitous technique to secure communications among consumers, industry, and governments, a national debate has arisen concerning the positive and negative implications for public safety and national security.
This growing use of encryption presents new challenges for law enforcement seeking to obtain information during the course of its investigations, and even more foundationally, tests the basic framework that our nation has historically used to ensure a fair and impartial evaluation of legal process used to obtain evidence of a crime.
We must answer this question: how do we deploy ever stronger, more effective encryption without unduly preventing lawful access to communications of criminals and terrorists intent on doing us harm? This now seems like a perennial question that has challenged us for years.
In fact, over 15 years ago I led congressional efforts to ensure strong encryption technologies and to ensure that the government could not automatically demand a backdoor key to encryption technologies. This enabled the U.S. encryption market to thrive and produce effective encryption technologies for legitimate actors rather than see the market head completely overseas to companies that do not have to comply with basic protections.
However, it is also true that this technology has been a devious tool of malefactors. Here is where our concern lies. Adoption of new communications technologies by those intending harm to the American people is outpacing law enforcement’s technological capability to access those communications in legitimate criminal and national security investigations.
Following the December 2015 terrorist attack in San Bernardino, California, investigators recovered a cell phone owned by the county government but used by one of the terrorists responsible for the attack. After the FBI was unable to unlock the phone and recover its contents, a federal judge ordered Apple to provide “reasonable technical assistance to assist law enforcement agents in obtaining access to the data” on the device, citing the All Writs Act as its authority to compel.
Apple has challenged the court order, arguing that its encryption technology is necessary to protect its customers’ communications’ security and privacy, and raising both constitutional and statutory objections to the magistrate’s order.
This particular case has some very unique factors involved and as such may not be an ideal case upon which to set precedent. And it is not the only case in which this issue is being litigated. Just yesterday, a magistrate judge in the Eastern District of New York ruled that the government cannot compel Apple to unlock an iPhone pursuant to the All Writs Act. It is clear that these cases illustrate the competing interests at play in this dynamic policy question – a question that is too complex to be left to the courts and must be answered by Congress.
Americans surely expect that their private communications are protected. Similarly, law enforcement’s sworn duty is to ensure that public safety and national security are not jeopardized if possible solutions exist within their control.
This body, as well, holds its own Constitutional prerogatives and duties. Congress has a central role to ensure that technology advances so as to protect our privacy, help keep us safe, and prevent crime and terrorist attacks. Congress must also continue to find new ways to bring to justice criminals and terrorists.
We must find a way for physical security not to be at odds with information security. Law enforcement must be able to fight crime and keep us safe, and this country’s innovative companies must at the same time have the opportunity to offer secure services to keep their customers safe.
The question for Americans and lawmakers is not whether or not encryption is essential, but instead, whether law enforcement should be granted access to encrypted communications when enforcing the law and pursuing their objectives to keep our citizens safe.
I look forward to hearing from our distinguished witnesses today as the Committee continues its oversight of this real-life dilemma facing real people all over the globe.
For more on today’s hearing, click here.