Senate Armed Services Chairman John McCain, R-Ariz., torched a range of Obama administration cybersecurity policies and initiatives last week, but stepped lightly around the struggle to define a policy related to encryption of consumer technologies such as smart phones.
Encryption was the putative topic of a Sept. 13 Senate Armed Services Committee hearing and, after describing the problem that encryption poses for law enforcement and intelligence services, McCain largely left it to others to flesh out a debate that seems to vex the policymaking apparatus.
Two witnesses before the committee — Defense Undersecretary for Intelligence Marcel Lettre and Adm. Michael Rogers, the head of the National Security Agency and U.S. Cyber Command — testified that the Pentagon and Obama administration are trying to engage in a productive dialogue with the tech sector on encryption.
Lettre and Rogers said they understood the security and market concerns of tech companies, which face skepticism about their products thanks to the leaks by fugitive NSA contractor Edward Snowden.
Stay abreast of the latest developments from nation’s capital and beyond with curated News Alerts from the Washington Examiner news desk and delivered to your inbox.
Sorry, there was a problem processing your email signup. Please try again later.
Thank you for signing up for Washington Examiner News Alerts. You should receive your first alert soon!
The senior Pentagon official and the admiral repeatedly said they have no interest in legally requiring companies to build in “back doors” that would allow access to encrypted communications.
“Anything that looks like a back door isn’t something we’d like to pursue,” Lettre said. He said “case-by-case” discussions with companies were preferable.
“We’ve found that when [the administration] and private sector are able to have quiet discussions on a case-by-case basis, the dialogue changes,” Lettre said.
“Partnerships are incredibly foundational to the future,” Rogers said. But under questioning from Sen. Bill Nelson, D-Fla., the admiral said the level of cooperation with tech companies was inadequate “from an operational standpoint.”
McCain and some others have said tech companies under court order should be able to unlock encrypted communications used by terrorists or criminals, but legislation along those lines has yet to advance from the Senate Intelligence Committee.
The discussion drew mixed reactions. Sen. Jeanne Shaheen, D-N.H., said Apple and Twitter have refused to cooperate in high-profile cases and that a legislative response on access to encrypted material may be necessary.
Sen. Angus King, I-Maine, pointed out that a majority of commercial encryption technology is produced overseas and beyond the reach of U.S. court orders. “We can’t regulate something that’s over in Berlin,” he said.
“I don’t know what the answer is,” Rogers said, “but we have to think more broadly than one market.”
Separate legislation to create a national commission on encryption appears to be hung up by jurisdictional squabbles in the House and has yet to make it onto the agenda of the Senate Homeland Security and Governmental Affairs Committee. This compromise approach to the encryption issue still appears to be a long shot this year.
The tech sector’s intense opposition to mandates in this space and concerns over where policy discussions may lead is one reason that legislative efforts have stalled.
“I don’t see how you get to a point where both sides see a positive outcome,” one industry source said.
“Overall,” Rogers said, the relationship between tech and government “is good,” but encryption is proving to be one of those “situations” where the techies won’t budge.
Encryption “can’t be approached as a privacy or a security issue,” Sen. Mike Lee, R-Utah, warned. “It must be approached holistically.”
It seems unlikely to be approached at all this year in any meaningful way.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.