Tag: McCaul

McCaul: US playing ‘catchup’ to terrorists using encryption

McCaul: US playing 'catchup' to terrorists using encryption

The U.S. is playing “catchup” with terrorists and cyber vigilantes who coordinate via encrypted communications, according to the chairman of the House Homeland Security Committee.

“Today’s digital battlefield has many more adversaries that just nation states,” Rep. Michael McCaul (R-Texas) said in a Tuesday column for Bloomberg. “Terrorist groups such as ISIS [the Islamic State in Iraq and Syria], as well as hacktivists … are adept at using encryption technologies to communicate and carry out malicious campaigns, leaving America to play catchup.”

McCaul has been outspoken in the fight between tech companies and law enforcement over the regulation of encryption technology. He is currently prepping legislation that would establish a national commission to find ways to balance the public’s right to privacy with giving police access to encrypted information.

“I do think this is one of the greatest challenges to law enforcement that I have probably seen in my lifetime,” the former federal prosecutor told reporters last week.

Lawmakers are split over whether legislation is needed to address the growing use of technology that can prevent even a device manufacturer from decrypting data.

Tech experts argue that any guaranteed access for law enforcement weakens overall Internet security and makes online transactions such as banking and hotel bookings riskier. Privacy advocates say strong encryption provides important protection to individuals.

But law enforcement officials, along with some lawmakers, continue to argue that impenetrable encryption is a danger to public safety.

“From gang activity to child abductions to national security threats, the ability to access electronic evidence in a timely manner is often essential to successfully conducting lawful investigations and preventing harm to potential victims,” Assistant Attorney General Leslie Caldwell said at the annual State of the Net conference on Monday.

The White House has tried to engage Silicon Valley on the topic, recently meeting with top tech executives on the West Coast. But some lawmakers feel the process should move quicker.

In the upper chamber, Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.)  are working on a bill that would force companies to build their encryption so they could respond to a court order for secured data.

Both members of the Intelligence Committee have expressed a desire to move swiftly on encryption legislation and bypass the proposed national commission to study the topic.

McCaul warned that the threats the U.S. faces online “will only grow more prevalent.”

“The security of Americans’ personal information needs to keep pace with the emerging technologies of today,” McCaul said.

McCaul wants new commission on encryption and law enforcement

McCaul wants new commission on encryption and law enforcement

The chairman of the House Homeland Security Committee said he plans to introduce legislation that would allow the creation of a “national commission on security and technology challenges in the Digital Age.”

The legislation “would bring together the technology sector, privacy and civil liberties groups, academics, and the law enforcement community to find common ground,” Chairman Rep. Michael McCaul (R-Texas) said in a Dec. 7 speech at National Defense University. “This will not be like other blue ribbon panels, established and forgotten.”

He said the ability of terrorist groups to use encrypted applications while communicating is one of his biggest fears. “We cannot stop what we cannot see,” he said in reference to recent attacks in San Bernardino, Calif., and Paris.

McCaul described the Islamic State as not a “terrorist group on the run” but a “terrorist group on the march.” He said 19 Islamic State-connected plots in the U.S. have been thwarted by government officials. But he added that terrorist groups are using the Internet to expand.

“Americans are being recruited by terrorist groups at the speed of broadband while we are responding at the speed of bureaucracy,” he said.

FBI Director James Comey has been a vocal critic of end-to-end encryption in commercial devices, and his advocacy has received a mixed reception on Capitol Hill. During an Oct. 27 hearing, Rep. Will Hurd (R-Texas), a former CIA officer who has private-sector cybersecurity experience, criticized Comey for saying encryption thwarts counterterrorism efforts and for “throwing certain companies under the bus by saying they’re not cooperating,” a charge that Comey denied.

In an interview, Hurd welcomed McCaul’s proposed commission by saying, “I think getting a group of industry experts from all sides of this issue to talk — and to not talk past one another — is ultimately a good thing.”

Hurd, a member of the Homeland Security Committee, said he would planned to speak with McCaul to make sure the commission had the “right folks in the room.”

He added that the right people would be leaders of technology firms whose encryption services have been at the center of debate and law enforcement officers who might be able to identify situations in which agencies would need to get around encryption, Hurd said.

But those situations still seem elusive. When he was a CIA officer working on cybersecurity issues, Hurd said he did not think of encryption as an insurmountable roadblock.

“Guess what? Encryption was around back then,” he said.

Hurd pointed out that intelligence can be gleaned from the contours of encrypted channels — such as communications between IP addresses — without decrypting the communications.

“I still haven’t gotten anybody to explain to me a very specific case where the investigation went cold” because of encryption, he said of his conversations with law enforcement officials.

McCaul sounded a more dire note by saying, “I have personally been briefed on cases where terrorists communicated in darkness and where we couldn’t shine a light, even with a lawful warrant.”

He said countering Islamic State’s use of encrypted messaging is “one of the greatest counterterrorism challenges of the 21th century.” At the same time, he was careful not to target encryption technology itself, which he described as “essential for privacy, data security and global commerce.”

In a Dec. 6 speech from the Oval Office, President Barack Obama announced plans to seek public/private cooperation on challenges posed by encrypted communications. He said he will “urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice.”

However, it is not clear if that message represents more than a change in tone from current policy. The administration had previously said it would not seek legislation to push companies to retain customers’ encryption keys and share them with law enforcement agencies.

U.S. CIO Tony Scott told FCW in a November interview that “at the end of the day, I think the better policy is probably not to require these backdoors” for law enforcement.

Although a new law could potentially cover U.S.-based providers and devices manufactured by U.S.-based companies, encryption applications would still be widely available beyond the country’s jurisdiction.

“All the really bad people who are highly motivated to keep their stuff secret are going to use the encryption method that doesn’t have a backdoor,” Scott said.

McCaul used the bulk of his speech to call for tighter restrictions on the Visa Waiver Program, as outlined in a bill introduced this week that would require high-risk individuals who have visited a terrorist hot spot to undergo an intensive screening process before entering the United States. He said that approach would also strengthen intelligence sharing with allies and help prevent passport fraud.