June 16, 2016–Central Intelligence Agency Director John Brennan today called on lawmakers—in the aftermath of the June 12 murder of 49 people in Orlando, Fla.—to continue to work toward some type of solution that would allow U.S. law enforcement and intelligence agencies to access the content of encrypted communications and devices in pursuit of terrorists and major criminals. The CIA director made his plea at an open hearing held by the Senate Intelligence Committee, which most often conducts its hearings with intelligence agency heads in closed session.
While Mr. Brennan did not claim that the perpetrator of the Orlando murders—Omar Mateen, who at the time of his criminal actions professed his allegiance to the Islamic State of Iraq and the Levant (ISIL)—used encrypted communications technologies in connection with those actions, he discussed at length the use of such technologies by ISIL and other terrorist organizations and underscored the need for intelligence and law enforcement agencies to be able to access the content of encrypted communications.
Obama administration law enforcement and intelligence agency officials have been calling for a path forward to access such encrypted communications for more than a year, and have taken Apple, Inc., to court in unsuccessful bids to force the company to unlock Apple devices that may have held encrypted content and may have been used in the commission of crimes, including the December 2015 mass shooting in San Bernardino, Calif.
Speaking at today’s hearing, Mr. Brennan said that ISIL members are often young, comfortable with using social media and other online communications technologies, and “are very aware of what mediums provide them with the greatest security and protection . . . They recognize that a lot of apps have end-to-end encryption.”
In light of the use of such technologies by ISIL and other groups, Mr. Brennan said he would “hearken back” to plead with committee members “to continue to have the discussion” about the “appropriate role of the government in an area where the private sector owns and operates the worldwide Internet.”
“I do not believe there is a national consensus now about what that appropriate role is for law enforcement and intelligence agencies . . . to have the basis and foundation to protect citizens from what can happen in the digital domain,” he said.
Beyond the issue of access to encrypted communications, Mr. Brennan appeared to extend his concerns to other areas that terrorist organizations could exploit, including the use of propaganda, and the vulnerability of critical infrastructure to malware-based attacks.
“This is something that we have to come to grips with . . . so we don’t face a cyber 9/11,” he said.
“This is something that this government has to come to grips with,” he said, adding, “What is the role of government in making sure this country is kept safe from parties that want to hurt us.”
Mr. Brennan’s remarks appeared to receive a good reception from committee members who have previously indicated that they support his views on access to encrypted communications, and criticism from those who have opposed them.
Among those more sympathetic were Sen. Richard Burr (R., N.C.), chairman of the committee, and Sen. Dianne Feinstein (D., Calif.), the committee’s vice chairman, who earlier this year (TRDaily, April 13) released a discussion draft of legislation that would require communications service providers and communications device and software makers to comply with court orders for information or data in connection with the investigation of specified “serious crimes.” The bill—the Compliance with Court Orders Act of 2016—was positioned by the senators as a catalyst for discussion on the issue of communications encryption technologies, and has not yet been introduced.
Sen. Burr said today that he was not willing to accept the Orlando or San Bernardino shootings as “the new normal,” and that “we should be able to live securely in a free society.” He urged the U.S. to press its offensive against ISIL, saying, “We must take the fight to them, where they raise money, where they plan, where they recruit. We cannot negotiate.”
Sen. Feinstein (D., Calif.) said that ISIL “is taking advantage of technology and social media” to recruit and inspire adherents, which she said “concerns me greatly.” She noted ISIL’s use of social media and said “it is a big security problem” for the U.S. “when you have the electronic world feeding the propaganda to inspire” lone-wolf attacks.
“We are trying to discuss a bill on encryption using court orders asking companies to cooperate on national security and major crimes,” she said, and asking, “What is the responsibility of the tech sector?”
But committee members who oppose government action to access encrypted communications were quick to pounce on what they saw as the flaws of such a move.
Sen. Ron Wyden (D., Ore.), who has been a fierce critic of such action, told Mr. Brennan that “if encryption is banned in the U.S., it will be easy to download encryption from hundreds of sources overseas.”
He also said that requiring companies to build “backdoors” for law enforcement that compromise encryption “will put the personal safety of Americans at risk at a dangerous time,” and pledged, “I will fight such a policy with everything I have.”
Mr. Brennan said he disagreed that encrypted technologies made in other countries can be easily accessed, calling that a “theoretical ability.”
“U.S. companies dominate encrypted apps . . . and they will continue to dominate encrypted apps,” he said.
As for a solution for allowing law enforcement access to encrypted communications, he said, “the private sector is integral to addressing these issues and I urge the committee to continue working on it.”
Sen. Mark Warner (D., Va.) told Mr. Brennan that the November 2015 ISIL attacks in Paris were aided by the group’s use of the encrypted “Telegram” app that is made in Germany, and that the issue of access to encrypted communications “is an international problem . . . that cannot be solved by America only.”
“We have legitimate challenges about how we work through our legal structure to get at information,” said Sen. Warner, who is sponsoring legislation—the National Commission on Security and Technology Challenges Act—that would create a 16-member commission to seek ways to help law enforcement agencies gain access to encrypted communications in pursuit of criminals and terrorists without weakening encryption for lawful purposes.
But, he said, “I believe it would make Americans less safe for us to mandate in any way a solution set that would simply push the bad guys to foreign-based hardware and software.” And he argued that the issue will “only get more complex as we move into the Internet of things.”
Sen. Martin Heinrich (D., N.M.) said he liked the idea of a national commission to study digital security issues but also pointed to the wide gulf between positions in the debate, saying, “We need to find some way . . . to legally carry our responsibilities . . . without it being perceived as a back door.” He also said the topic was “largely a private sector issue . . . we need to define what roles are for the government and what roles are for the private sector.” And he said that Americans should become more educated about the debate so they “don’t fear the government’s role.”
In a closing statement at today’s hearing, Sen. Burr said, “This feud between the tech companies and the intelligence community and law enforcement has to stop.”
Elsewhere during today’s committee hearing, Sen. Wyden asked Mr. Brennan for a written response within two weeks to the question of whether the CIA would comply with an update to Section 702 of the Foreign Intelligence Surveillance Act that said the CIA could only search for the communications of U.S. persons if the Department of Justice had first obtained a warrant for that purpose, subject to exceptions in the case of emergencies. Mr. Brennan declined to discuss the substance of the senator’s question at the hearing but said “we will try” to provide an answer in two weeks.
Mr. Brennan also said the CIA has seen “some effort” on the part of the Chinese government to comply with commitments made last year to refrain from economically-motivated theft of U.S. intellectual property, but he added that such attempts at theft from Chinese entities had not stopped because not all efforts aimed at stealing IP are directed by the government.
“I continue to be concerned about the cyber capabilities that reside within China, and the actions that some continue to undertake,” he said. —John Curran, firstname.lastname@example.org