Congressional hearing on encryption was bad news for privacy advocates

If one thing was made clear today, it’s that Congress is woefully unequipped to be debating encryption and backdoors for law enforcement with the major tech giants. But that surely didn’t stop them from doing so anyway!

On Tuesday, the Senate Committee on the Judiciary held a hearing titled “Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy.”

In plain speak, the Congressional hearing was about big tech’s security protocols to protect your personal data and the police’s frustration in not being able to access that data.

Apple’s Manager of User Privacy, Erik Neuenschwander, and Facebook’s Product Management Director for Privacy and Integrity in Messenger, Jay Sullivan, were both on the panel representing their respective employers. Both of these privacy professionals explained (numerous times) how each of their products worked. They patiently walked through how, in some cases, it’s literally impossible for Apple and Facebook to provide information to law enforcement because the companies themselves don’t have access to the information in question either.

Basically, Neuenschwander and Sullivan attempted to make it clear to Congress that this is a very complex issue which requires a balanced, thoughtful approach.

However, their attempts seemed to be for naught. 

Judiciary Committee Chairman Lindsey Graham (R-SC) opened up the hearing with an endorsement of encryption backdoors and denounced that the issue was “complicated” when the tech company executives tried to explain their side.

Representing the law enforcement position on the panel was Manhattan district attorney, Cyrus Vance, Jr., a longtime critic of big tech’s encryption policies.

“My advice to you is to get on with it,” said Graham. “Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.” 

“The single most important law enforcement challenge in the last ten years, in my personal opinion, is the expanded use of mobile devices by bad actors to plan, execute, and communicate about crimes,” said Vance in his opening statement. “Just as we ordinary citizens rely on digital communication, so do people involved in terrorism, cyber fraud, murder, rape, robbery, and child sexual assault.”

Vance’s main focus at the hearing seemed to be on the fact that, prior to in 2014, Apple was able to help law enforcement bypass an iPhone’s passcode to access the contents of the device. Since Apple implemented encryption, it can no longer do this.

“We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in,” said Apple’s Neuenschwander, explaining how any backdoor into a phone could be exploited, so it’s best to just not have one at all.

“We oppose intentionally weakening the security of encrypted systems because doing so would undermine the privacy and security of people everywhere and leave them vulnerable to hackers, criminals, and repressive regimes,” Facebook’s Sullivan concurred.

The most bizarre moment of the hearing came when Vance claimed he’d asked Apple for proof that its prior backdoor-friendly system had been exploited, thus necessitating the encryption change. Apple responded by saying there has been instances of bad actors misusing these vulnerabilities to breach customers’ phones. 

Vance then showcased why he’s woefully unqualified to be involved in this technology debate: The Manhattan DA clarified that he was specifically seeking proof about instances where a phone was compromised by bad actors while en route from law enforcement to Apple for unlocking. Embarrassing.

Neuenschwander had to explain this wasn’t the issue and reiterated that Apple itself was never breached; its customers were and that’s why the company instituted encryption, effectively blocking law enforcement access.

Apple and Facebook’s position on encryption is one even Michael Hayden, former Director of the National Security Agency and Central Intelligence Agency, backs. In an published today in Bloomberg, Hayden lays out how encryption backdoors wouldn’t stop crime as there are always alternative messaging platforms, be they foreign or open-source, for criminals to utilize. He also explains how the pros of having a backdoor may not outweigh the cons as bad actors, such as foreign governments, would be able to exploit these vulnerabilities.

The hearing also happened to occur on the same day Facebook sent a to U.S. Attorney General, Bill Barr, saying it would not get rid of Messenger encryption as he requested.

Vance, for his part, claims he isn’t “anti-encryption,” but his positions during the panel, and throughout his long professional of against encryption, present a different story.

The biggest problem with Vance’s rhetoric surrounding encryption is that it doesn’t have much of a base in reality. In 2016, was able to obtain records relating to some of the cases in which Vance sought to unlock an individual’s phone, but was unable to do so. One case involved a man who was caught trying to buy two Xbox video game consoles with a stolen credit card and was caught when the transaction was declined. Other cases involved crimes such as muggings and street-level drug dealing. These are not exactly the major offenses Vance usually pushes in his anti-encryption advocacy. 

Furthermore, every single case led to a conviction without the need to break into anyone’s phone. Is it possible that having that phone access would have made prosecuting these cases easier? Sure, but it also proves that it isn’t necessary.

“If we open these things up, there are consequences,” Lee warned about encryption backdoors.

Unfortunately for privacy-minded individuals, most of the members of the Judiciary Committee took Vance’s position and sided with law enforcement over the need for backdoor access versus a priority on user privacy.

It’s a disappointing turn of events considering congressional leaders have somewhat demonstrated a level of tech-savviness in their arguments (for politicians, at least) on a number of tech-related hearings over the last few months. Today’s hearing, however, was more old form and simply highlighted their ignorance.

Senator Graham, along with many other Committee members, strongly encouraged that big tech work this issue out with law enforcement, while also strongly warning that Congress could force the companies’ hands.

“My advice to you is to get on with it,” said Graham. He warned that if the tech companies don’t solve the encryption issue with law enforcement on its own by next year, then Congress “will impose our will on you.”

Senator Richard Blumenthal (D-CT) proposed a more drastic measure: getting rid of Section 230 of the Communications Decency Act. This provides the tech giants with immunity from legal responsibilities pertaining to what its users publish on its platforms.

“That will end because the American people are losing patience,” he said.

Apparently, Blumenthal’s position is for law enforcement to gain access to our data or … Congress will end the internet as we know it. 

Other members of Congress, both Republican and Democrat, also tried to conflate Facebook’s own legitimate data scandals with the encryption issue. The difference here being that Facebook’s mishandling of private data hurts its users, whereas with encryption the company is protecting its users. 

Senator Josh Hawley (R-MO), for example, referenced how social media platforms like Facebook collect user data for its own purposes, like ad-targeting. Hawley then attempted to extract an assurance from Facebook that it would not use the user data from Facebook Messenger’s encrypted messages in a similar way. Sullivan tried to explain that the company could not ad-target Messenger data because, again, these messages are encrypted. The company does not have access to them.

The sole anti-surveillance voice on the Committee, Senator Mike Lee (R-UT), closed out the hearing by criticizing his colleagues for falling back on the old “protect the children” trope when arguing for their positions against encryption. Lee mocked these conversations for often resorting to a debate over “who loves children more.”

“If we open these things up,” Lee warned about encryption backdoors, “there are consequences”