Policy

Legislators Rebuke Officials Who Complain About Encryption

"Just follow the damn Constitution," Ted Lieu suggests.

|

Senate Homeland Security Committee

Cops, prosecutors, and spies do not like encryption (when other people use it), because it makes their jobs harder. The appropriate response to that concern is: Too bad. Lots of things, including locks, safes, window blinds, and 3D printing, make law enforcement and intelligence gathering harder. That does not mean people should not be able to use those things. Law enforcement and intelligence agencies have no right to demand that the world be rearranged to facilitate their work. Yet Congress often seems to think they do, as reflected in laws such as the Communications Assistance in Law Enforcement Act (CALEA).

CALEA requires telecommunications carriers to make sure their customers' conversations and correspondence can be monitored by the government. As the Federal Communications Commission explains, Congress enacted CALEA in 1994 because "emerging technologies such as digital and wireless communications were making it increasingly difficult for law enforcement agencies to execute authorized surveillance." Given legislators' usual willingness to accommodate such concerns by imposing mandates on private companies, it is refreshing to see two members of Congress, Sen. Rand Paul (R-Ky.) and Rep. Ted Lieu (D-Calif.), challenge law enforcement agencies' complaints about encryption.

During a Senate hearing on Wednesday, Secretary of Homeland Security Jeh Johnson complained that "the marketplace is demanding deeper and deeper encryption into places where the warrant authority of the government does not extend." He also worried that "with encryption there are communications…records of which are simply not being maintained because of the added security that is being put in place because of the privacy demands that exist in the marketplace."

Paul said those "privacy demands" are an understandable response to revelations about government snooping, such as the National Security Agency's mass collection of phone records and warrantless surveillance of Americans' communications with people in other countries:

The real culprit is government. You've been so overzealous in vacuuming up all of our records without a legitimate warrant that…it's cost the United States billions of dollars in the sense that people in Europe and around the world don't want our stuff…because they're worried that the government's going to stick stuff in there and that you'll have backdoor access…

So it's been a big problem for our companies selling things worldwide, but it's a response to a government that didn't have, I think, a real sense of decency towards privacy. The companies are [responding] to your behavior.

House Subcommittee on Information Technology

On the same day, Lieu issued a similar rebuke to Suffolk County, Massachusetts, District Attorney Daniel Conley, who told a House subcommittee that "when unaccountable corporate interests place crucial evidence beyond the legitimate reach of our courts, they are in fact placing those who rape, defraud, assault and even kill in a position of profound advantage over victims and society." As Cyrus Farivar notes at Ars Technica, Lieu rejected the "offensive" implication that anyone who offers encryption is a criminal accomplice:

It's a fundamental misunderstanding of the problem. Why do you think Apple and Google are doing this? It's because the public is demanding it. People like me: privacy advocates. A public does not want an out-of-control surveillance state. It is the public that is asking for this. Apple and Google didn't do this because they thought they would make less money. This is a private-sector response to government overreach.

Then you make another statement that somehow these companies are not credible because they collect private data. Here's the difference: Apple and Google don't have coercive power. District attorneys do, the FBI does, the NSA does, and to me it's very simple to draw a privacy balance when it comes to law enforcement and privacy: Just follow the damn Constitution.

And because the NSA didn't do that and other law enforcement agencies didn't do that, you're seeing a vast public reaction to this. Because the NSA, your colleagues, have essentially violated the Fourth Amendment rights of every American citizen for years by seizing all of our phone records, by collecting our Internet traffic, that is now spilling over to other aspects of law enforcement. And if you want to get this fixed, I suggest you write to NSA: The FBI should tell the NSA, stop violating our rights. And then maybe you might have much more of the public on the side of supporting what law enforcement is asking for.

Then let me just conclude by saying I do agree with law enforcement that we live in a dangerous world. And that's why our founders put in the Constitution of the United States—that's why they put in the Fourth Amendment. Because they understand that an Orwellian, overreaching federal government is one of the most dangerous things that this world can have.

Ted Lieu is my new hero. The only reservation I have is that he should not have left the backdoor open to imposing limits on encryption if the FBI, NSA, et al. promise to behave themselves from now on. People have a right to use encryption even if that means some information is beyond the reach of warrant-wielding government agents.