The United States needs to continue to support strong encryption or risk undermining the digital economy, according to a bi-partisan congressional report released Dec. 20.
The Encryption Working Group Year-End Report, summarizes the conclusions of a nearly year-long investigation by members of the House of Representatives’ Judiciary Committee and Energy and Commerce Committee.
While finding that “any measure that weakens encryption works against the national interest,” the report also concluded that Congress needs to consider legislation that could help law enforcement gain access to digital information during investigations and work with technology companies to find solutions.
“Although federal law enforcement agencies told the [group] that they encourage the use of encryption for the protection of sensitive information including data retained by the federal government they cite the increased use of encryption by suspected criminals and victims of crime as a severe challenge to their public safety mission,” the group stated in the report.
The members of Congress created the working group during the tense standoff between Apple and the FBI over the law enforcement agency’s demands for the consumer-technology giant to help decrypt an iPhone belonging to one of the killers in the San Bernardino mass shooting of 2015.
The Encryption Working Group has met with numerous law enforcement and intelligence officials, technology industry experts and civil rights organizations on the topic of encryption and its impact on legitimate government activities.
The group announced four conclusions in its report: strong encryption is in the national interest; if the U.S. weakens the encryption in IT products, companies in other countries will gain marketshare; the topic is complex with no simple solution for every situation; and that Congress should help technology companies and law enforcement agencies cooperate.
Ten members of the Encryption Working Group signed off on the report, including Bob Goodlatte (R-VA), Fred Upton (R-MI), Frank Pallone, Jr. (D-NJ), John Conyers, Jr. (D-MI), Bill Johnson (R-OH), Yvette D. Clarke (D- NY), Darrell Issa (R-CA), Zoe Lofgren (D-CA), James Sensenbrenner (R-WI) and Suzan DelBene (D-WA). Two other members—Joe Kennedy (D-MA) and Adam Kinzinger (R-IL)—reportedly refused to put their names on the report.
Technology companies lauded the findings, which amounted to confirming what most firms have argued repeatedly—weakening encryption, or providing a backdoor, just creates vulnerabilities.
“Legislative mandates that undermine the technology would only serve to make everyone less secure,” Aaron Cooper, vice president of strategic policy initiatives with the Business Software Alliance, wrote in a blog post on the report. “At the same time, the report recognizes—and BSA strongly supports—the important work of law enforcement in protecting our safety and pursuing criminals.”
The report recommends that Congress follow up on the findings in the future by developing legal means for law enforcement to access company information, improve law enforcement’s ability to access meta data, and build a legal framework to support exploitation for evidence and intelligence gathering.