Vid FBI agents and US Department of Justice officials perhaps thought they were in for an easy ride during a congressional hearing on crime, terrorism and encryption. If so, they were mistaken.
House reps on the Oversight and Government Reform Committee tore into the Feds' demands for skeleton keys to decrypt citizens' private files.
The panel met on Wednesday to question law enforcement and technology experts about the FBI's proposals for backdoors in encryption. Cryptographers say it is impossible to build secure encryption systems that only allow Uncle Sam in and keep hackers out.
Unusually, the committee has not one but two members who actually know something about technology. Representative Ted Lieu (D-CA) is one of only four US congressfolk who holds a computer science degree, and Representative Will Hurd (R-TX) is a former CIA agent who ran a cybersecurity company before being elected.
Both congressmen listened as Daniel Conley, district attorney of Massachusetts, called on Congress to ban Apple and Google's on-by-default file encryption in cellphones. Conley said the technology was aiding child pornographers, terrorists and, rather bizarrely, people who take upskirt photos of women on public transport.
"In America, we often say that none of us is above the law," Conley said [transcript PDF]. "But when unaccountable corporate interests place crucial evidence beyond the legitimate reach of our courts, they are in fact placing those who rape, defraud, assault and even kill in a position of profound advantage over victims and society."
His colleague Amy Hess, executive assistant director of the FBI's science and technology branch, claimed [transcript PDF] that rapists, child abusers, and terrorists, were piling into encryption. Agents' monitoring was "going dark" thanks to encryption, she added. Hess wants backdoors added to security software source code to allow access to data on demand – with a warrant, of course.
These demands cut little ice with the committee, which roasted both speakers over the technical impossibility of their plans, and had some choice words about the practices used by law enforcement to surveil and track suspects.
"Why do you think Apple and Google are doing this? It's because the public is demanding it. A public does not want an out-of-control surveillance state," Lieu said.
"Apple and Google don't have coercive power. District attorneys do, the FBI does, the NSA does, and to me it's very simple to draw a privacy balance when it comes to law enforcement and privacy: just follow the damn Constitution. And because the NSA didn't do that and other law enforcement agencies didn't do that, you're seeing a vast public reaction to this."
Hurd said that there were already hacking tools that could be used by agents that worked, recounting how when he was a network penetration tester for banks he would always offer to either charge a fee, or be allowed to keep what he could steal. No one took the second option because he always got in.
He said the FBI and cops should be held to a higher standard when it came to civil liberties. He promised the committee would be watching the FBI's proposals "very carefully" to make sure privacy isn't trampled underfoot.
His colleague Representative Blake Farenthold (R-TX) also took the chance to put the boot in. He asked the panel of experts if anyone knew of a "gold standard" encryption system that could be backdoored – no one raised their hands.
While the bulk of the session covered encryption, Representative Jason Chaffetz (R-UT) asked Hess point blank if it is possible for the FBI to track people's location using their cellphones without a warrant. After offering to brief him privately on the matter twice, she admitted that yes, it is possible.
All in all it was a chastening and somewhat sore session for the Feds. It's also clear that, with elections not too far off, Congress seems to be understanding that the voting public is peeved at privacy invasions by the state. ®