Senate Armed Services Committee Chairman John McCain warned Google and Apple executives Thursday that the Committee "has subpoena power" that could compel them to testify on why their encryption systems on newer smartphones are not accessible to law enforcement operating under court orders. At the start of the hearing, McCain noted that Tim Cook, president of Apple, declined to attend the session. "This is unacceptable," he noted of Cook's reluctance to appear, as the hearing neared its end.
The Arizona Republican, who chairs the panel, said, "There's an urgency" to finding a solution to the matter of protecting privacy while also not closing out police, prosecutors and intelligence agencies from lawfully pursuing criminals and terrorists.
McCain indicated at the hearing, the second on cyber encryption that he has called, he was leaning toward passing legislation rather than establishing a commission to study the issue. One proposal in the Senate is to have the commission make a recommendation back to Congress and the administration within a year or 18 months.
The United States is losing one aspect of its competitive advantage in national security, and the culprit is encryption, according to Senate Armed Services Committee Chairman John McCain.
McCain added that "Encryption is eroding the digital advantage our national security and intelligence officials once enjoyed. Encryption is now ubiquitous across the counterterrorism fight—providing an avenue for recruitment and radicalization, as well as the planning and coordination of attacks that poses an increasingly difficult challenge to intelligence collection, military operations, and law enforcement."
McCain said that he's worried that end-to-end encryption, now a default setting on some services and devices, has made it so "even the least-sophisticated lone wolves can operate in digital secrecy."
After rebuking Apple's CEO Tim Cook for not attending the hearing, McCain said that "While we must recognize that that authoritarian regimes are eager to gain keys to encrypted software so they can further their own abusive policies, we must also resist slipping into a false moral equivalence. Complying with valid search warrants in countries that uphold the rule of law does not create an obligation for tech companies to assist repressive regimes that undermine the rule of law in suppressing dissent or violating basic human rights."
McCain added that "meeting all efforts to reach a middle ground with absolute resistance, as too many tech companies have done," isn't an option in the encryption debate. (For context, see Apple's CEO Rebukes Washington's need for 'Balance' and Tim Cook's Black Box Position on Encryption.)
The Senate Armed Services Committee met on Thursday to receive testimony on cybersecurity, encryption, and U.S. national security. The hearings had three expert witnesses testify before the hearing:
•Cyrus Vance, Jr., who currently serves as Manhattan District Attorney;
•Chris Inglis, former Deputy Director at the National Security Agency, and a Professor of Cyber Security Studies at the U.S. Naval Academy; and
•Kenneth Wainstein, former Homeland Security Advisor and Assistant Attorney General for National Security at the Department of Justice during the Bush Administration, and now a partner at Cadwalader.
During his opening statement, McCain made several additional points of interest. McCain acknowledged that "this is a complex problem with no easy solutions. Encryption technology protects our most common and essential day-to-day Internet activities, and safeguards our nation's secrets from sophisticated cyber adversaries. We must carefully balance our national security needs and the rights of our citizens.
Yes, this is a difficult problem. But ignoring this issue is not an option. Nor is meeting all efforts to reach a middle ground with absolute resistance, as too many tech companies have done. An all-or-nothing approach to encryption that is making it difficult, and sometimes impossible, to prosecute murderers, pedophiles, human traffickers, and terrorists is simply unacceptable.
I believe there is a growing recognition that the threat posed by the status quo is unacceptable, and that we need the public and the private sectors to come together to eliminate cyber safe havens for terrorists and criminals. The struggle between security and privacy, or between public and private goods, is not new. These struggles are as old as our republic. We haven't always gotten it right, but when we've found that balance, it's always been through open and honest dialogue. That is what we need right now.
Speaking as a former assistant attorney general in the George W. Bush administration, Kenneth Wainstein said, prosecutors "have to submit to lawful court orders" and so should Apple, Google and others who include that kind of security feature on their devices.
Cyrus Vance Jr., district attorney for Manhattan, told the committee that most criminals do not actively encrypt their communications, but that security feature already in place blocks law enforcement and prosecutors from gathering evidence in cases ranging from child pornography to murder. He added that his office has more than 300 phones with that feature in its hands but the data on them are not accessible to building cases. He decribed the companies' position regarding this inaccessible data as "simply acceptable collateral damage," even in criminal cases.
Sen. Angus King, (I-Maine), said while the encryption horse is already out of the barn because it is in place, "this should be a legislative solution." He encouraged the witnesses to send additional comments to the committee as it moves forward to its next hearing on cyber security.