The U.S. Congress should allow an expert commission to recommend ways to resolve the contentious debate over police access to encrypted communications before passing "knee-jerk" legislation, one lawmaker said.
Even as Apple and the FBI fight in court over access to a terrorist suspect's iPhone, a 9/11 Commission-style digital security panel should try to find a compromise between smartphone users' privacy and law enforcement access to encrypted devices, Representative Michael McCaul, a Texas Republican, said Wednesday.
"Given the complexities of this issue, there's no legislative, knee-jerk response that will solve this problem," McCaul, chairman of the House of Representatives Homeland Security Committee, said during a forum hosted by think tank the Bipartisan Policy Center. "This is an urgent issue, and I believe [a commission] is the best vehicle."
McCaul declined to comment on a legislative proposal, not yet introduced as a bill, that would require Apple and other tech vendors to help law enforcement agencies break into encrypted devices. He hasn't yet seen the full plan from leaders of the Senate Intelligence Committee, he said.
Still, any proposal to enforce police wiretap-style rules on encrypted devices wouldn't work, McCaul said, because such a regulation would introduce insecure "back doors."
McCaul and Senator Mark Warner, a Virginia Democrat and Senate Intelligence Committee member, plan to introduce a bill to establish their proposed digital security and encryption commission. The 16-member commission would include law enforcement leaders, privacy advocates, encryption experts, tech industry representatives and other groups, the two lawmakers said.
The lawmakers would expect the commission to produce recommendations in about a year, they said.
Both sides in the encryption debate are dug in, with the FBI, Obama administration and other law enforcement agencies pitted against many technology vendors, privacy groups and cybersecurity experts. In late 2014, FBI Director James Comey began raising concerns that investigations are "going dark" because of new encryption services on smartphones.
A commission would give all sides room to look at the issue again and seek alternatives, the two lawmakers said. Even though many commissions don't produce work that leads to solutions, "this could be a case where we prove the pundits wrong," Warner said.
It's a complex issue that needs more debate, Warner added. Many law enforcement and intelligence officials acknowledge that "encryption is here to stay, and it protects Americans' personal information, financial information, intellectual capital," he said. "This genie's not going to be put back into the bottle."
Four cybersecurity experts speaking after Warner and McCaul agreed that a commission is a good idea. A commission debate could help separate hype from fact and educate the public about the issue, they said.
A commission could offer a "more pragmatic approach" than the current encryption debate, said Susan Hennessey, a national security fellow at the Brookings Institution and former National Security Agency lawyer. "Getting people in a room who are willing to, as a matter of first principle, believe there might be a solution, represents a step forward."
But a presidential panel already voiced strong support for end-to-end encryption in 2013, noted Michael German, a former FBI agent who's now a fellow in the Brennan Center for Justice's Liberty and National Security Program.
The FBI and other government agencies have "not heeded these recommendations," he said.
The government wants digital technologies to build in more access to information than it demands from other products, German added.
"We don't require the people who manufacture paper shredders to have a chip that records and scans that document so it's recoverable," he said. "The piece of technology that has destroyed more evidence than any other ... is the flush toilet, and yet we realize the benefits of indoor plumbing to our society outweigh the fact that certain evidence is going to be beyond the government's reach."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.