A US House Committee has finally reached some conclusions in its long-running investigation into the issue of encryption in the USA, but unfortunately, their solution is as clear as mud.
The catchily-named House Judiciary Committee & House Energy and Commerce Committee’s Encryption Working Group (EWG) has published a report which is intended to delve into the issue of whether security or privacy should be prioritised in the encryption debate.
Both sides of the fence
The Committee, which comprises Fred Upton (R-MI), Frank Pallone, Jr (D-NJ), Bob Goodlatte (R-VA), and John Conyers (D-MI) have indeed reached some conclusions, but unfortunately, they seem to have fallen on both sides of the fence simultaneously.
They seem intent on finding a solution which allows data to be secured using encryption, whilst still enabling US intelligence agencies, and other authorities to access it when required. If this seems little like trying to combine oil and water, that’s because it is.
One of the report’s key conclusions is that encryption should not be weakened. The committee has concluded that to do this would be against the national interest. However, they then immediately go on to say that Congress must “address the legitimate concerns of the law enforcement and intelligence communities.”
Unfortunately, they do not go any deeper into how this scenario might be achieved, meaning that there is little to suggest to Congress how they might move this issue forward.
One conclusion which does seem eminently sensible is that Congress should play a role in developing a better working relationship between the US Intelligence Agencies and the big tech companies.
Closer cooperation between them would seem ideal as it would negate the need for legal cases and legislation every time a controversial case appears. However, it would require the intelligence agencies to reign in their demands and the tech companies to hand over more customer data, something neither appear willing to do at the present time.
There are a few other possible ways forward presented, including exploring new ways to capitalise on metadata, the use of ‘legal hacking’, and making the disclosure of passwords a legal requirement. However, how these proposals might be put into practice and how effective they might be is not explored in any real detail.
Homeland Security Commission
The EWG is not the only House committee to have been taking a look at this issue. The Homeland Security Commission has compiled its own report, which was released back in September.
Unfortunately, their report reached similar vague conclusions about how to move the encryption debate on.
So, after two lengthy, and no doubt expensive, reports, the debate appears to be stuck exactly where it was before. How, therefore, can Congress get the ball rolling again.
In all likelihood, the incoming administration of Donald Trump will change the narrative around the debate in its entirety. Trump has said publicly that Apple should have unlocked the San Bernardino terrorist killers iPhone (in the case which really kicked this whole debate off).
And given his cabinet picks, it seems likely that the new administration will be taking a much more pro-security stance. Although of course, only time will tell.
But for those who value the privacy of their encrypted communications, this looks likely to be bad news. Investing in additional encryption software such as VPNs looks to be a wise investment for US citizens right now.