Now that the Senate is considering legislation to undermine encryption, it was only a matter of time before the House put together a proposal of its own. Republican Representative Michael McCaul plans to introduce legislation that would create a "national commission on security and technology challenges in the Digital Age." McCaul, who is the chairman of the House Homeland Security Committee, wants to "bring together the technology sector, privacy and civil liberties groups, academics, and the law enforcement community to find common ground."
It became clear very quickly that the main purpose of the commission is to deal with encryption, which McCaul considers a threat to national security stating, "We cannot stop what we cannot see." He makes some mention of the concerns raised by backdoors in encryption, but insists there must be a technological solution that will allow law enforcement to access encrypted communications and still protect privacy.
I think initially lawmakers thought there was an easy legislative fix where we just amend the CALEA statute, until we found out that providing a backdoor into everybody's iPhone was not going to be a very good strategy. Not only would it provide a backdoor for the government, but also for hackers. So you've noticed that the language of the FBI director and the language of the Secretary of Homeland Security has shifted to trying to find a technology solution to this problem.
Now this commission might be a waste of time, but maybe it isn't necessarily such a big deal if Congress never takes the step of actually mandating backdoors by law. Just having talks, as unproductive as they might be, doesn't seem like a huge threat. However, he goes on to explain more about the planned legislation.
And so what this legislation provides -- in fact what it will mandate -- that all relevant parties sit in the same room together, and in a very short period of time, provide the Congress with solutions and recommendations for legislation to deal with what I consider to, as I said in my remarks, one of the most difficult challenges of this century, in dealing with counterterrorism and basically criminal behavior.
Based on his use of the word mandate, it would suggest that tech companies will be forced to take part in this commission whether they want to or not. Its unclear what penalties, if any, companies would face for refusing to cooperate, and we probably won't know until a bill is actually introduced. Based on what he's said so far, it seems like tech companies will be required by law to develop an impossible solution, "in a very short period of time," that will allow police to access encrypted communications but won't allow criminals to do the same.
Is this commission going to accomplish anything constructive? Leave your comments below.