Co-Founder Andrew Chang's article was originally featured on Thehill.com
The encryption battle line has been drawn.
On one side of the showdown we have a senator, who despite representing America’s tech heartland constituency, doesn’t understand rudimentary principles of technology. Joining her is another senator, who is in a hotly contested race, and since pushing the Cybersecurity Information Sharing Act last fall, has been consistently seeking issues he can co-opt to remain in the limelight during the re-election cycle.
On the other side, we have a bill supported by one of the few technology entrepreneurs in Congress and the House Homeland Security Chairman—both of whom have repeatedly expressed a clear interest in arriving at a rational compromise to this debate, while expressing intellectual humility with regards to Congress’s ability to effectively and competently address the encryption issue on its own.
Over the past few months, Chairman McCaul and Senator Warner have been open and frank about what their proposed legislation would involve: bringing together economists, cryptographers, law enforcement officials, privacy advocates, and the tech community to talk through the issue of encryption. No mandate to produce any particular legislative recommendation is included in the Commission’s charge, only empirically-driven reports. Any recommendations that would be offered would require a majority vote of the commissioners, approved of in a bipartisan fashion. Senators Burr and Feinstein, however, have taken a decidedly more cloistered approach to constructing their legislation.
In the past few months since they announced their intent to legislate on encryption, only silence and obfuscation has come from their offices. No transparency, no word on the particular details of their efforts, no inclusion of civil society’s thoughts and input, no attempt at reaching out to compromise whatsoever. Now they have delivered their secretive legislative proposal. And from almost every conceivable angle, it’s bad. In fact, it’s terrible.
Essentially, the Burr-Feinstein legislation would mandate that all data, whether on a mobile device or held in cloud storage, be capable of being “rendered intelligible” at a court’s behest. The terms related to rendering data unintelligible, however, remain undefined. Does deleting data count as making it unintelligible? What about perfect forward secrecy, where encryption keys exist only ephemerally before being reconstituted? Is such encryption now functionally illegal?
What about the free speech implications? Anonymizing data, according to the bill’s language, would necessarily have to be reversible upon demand from the government. And yet anonymous speech is protected by the First Amendment. That would seem to make the law unconstitutional on face value. Additionally, the bill would effectively deputize app stores to serve as compliance enforcement officers of the law’s provisions. Are we really comfortable with handing that level of censorship authority over to third party entities? Are those entities themselves comfortable performing those duties?
The companies and services that would be in violation of this bill’s provisions are numerous and diverse. From Snapchat and Google to WhatsApp and Cisco, no tech company, software provider, or hardware manufacturer that incorporates or otherwise makes use of encryption is safe from the scope of this legislation. A vote for Burr-Feinstein is a vote against the modern, digital-powered economy.
If we’re being generous, this bill is just sloppy and bad. More honestly, it’s technically impossible to implement and likely unconstitutional. And while it’s unlikely to be passed into law, the real concern is that after half a year of work on this bit of text, Sens. Burr and Feinstein have essentially produced nothing more than a hot sloppy mess that fails to achieve any sort of rational compromise on encryption. It also serves as a prime example of just how little many of those in Congress understand the technical issues at play in this debate.
That’s why Congress should instead pass the McCaul-Warner Commission. This is the best path forward to resolving the encryption debate. By assembling a report and recommendations from the leading minds in the fields of economics, law, technology, computer science, and law enforcement, we can begin to form a general concurrence of opinions, informed by a common understanding of the underlying facts.
Politics is the art of the possible. The approach advocated by Chairman McCaul and Sen. Warner embraces that mantra, and is a thoughtful, well-balanced, and moderate alternative to the impulsive and hazardous jargon promoted by Sens. Burr and Feinstein. Congress can avail itself of either option, but the wisest recourse is clear: the McCaul-Warner Commission offers the best path forward on encryption.
When the dust settles, the outcome of this ongoing Second Crypto War will be clear. Here’s hoping the McCaul-Warner Commission is left standing.
Hagemann is a technology and civil liberties analyst at the libertarian advocacy organization the Niskanen Center. Chang is a co-founder and managing partner of Eastern Foundry, an incubator and accelerator for tech startups working with government.