Encryption & Key Management , Next-Generation Technologies & Secure Development , Security Operations
House IT Panel Chairman: Don't Weaken Encryption
Rep. Will Hurd Says Congress Shouldn't Curtail Security ProtectionsAs the debate intensifies over Apple's refusal to help the FBI crack the iPhone password of one of the San Bernardino shooters, the chairman of a House panel that oversees government cybersecurity says Congress should not rush to enact any law that would require technology companies to weaken encryption.
See Also: Webinar | Securing Cloud Architectures: Implementing Zero Standing Privileges
In an interview with Information Security Media Group, U.S. Rep. Will Hurd says Congress should not enact legislation that would compel technology companies to provide a backdoor so law enforcement and intelligence agencies can circumvent encryption on mobile devices and cloud services to support criminal investigations.
"You can't build a backdoor to encryption; technically, it's not feasible," says the Texas Republican, who chairs the House Oversight and Government Reform Information Technology Subcommittee, which provides government IT and cybersecurity oversight. "You don't weaken security of others to target one particular thing, one individual. Encryption is good for our national security. Encryption is good for our economy. We should do everything we can to strengthen encryption."
His comments came as a national debate intensifies over Apple's decision not to help the FBI unlock the iPhone used by one of the San Bernardino, Calif., shooters (see Cook: Apple Wanted More Discussions with Feds). On Capitol Hill Thursday, FBI Director James Comey told the House Intelligence Committee that Congress should settle the question of when law enforcement should gain access to citizens' private data. Apple, meanwhile, filed court papers opposing a judge's order requiring it to assist the FBI in gaining access to the content of the assailant's iPhone.
Tech-Savvy Lawmaker
Hurd's opinion matters because he's one of the most cybersecurity-savvy members of Congress. Prior to his 2014 election to the House, representing a district that stretches from San Antonio to El Paso in southwest Texas, Hurd served as an undercover CIA operative and later as a partner and senior adviser with the cybersecurity firm FusionX. Because of his cybersecurity know-how, Republican leaders named him to chair a subcommittee, a rare honor for a freshman lawmaker.
The Texas congressman says he he isn't supporting a legislative proposal from the leaders of the Senate Intelligence Committee, Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., that would require technology companies to give law enforcement officials the ability to circumvent encryption.
Instead, Hurd says Congress and the nation need to have a "sober conversation" on the issue. He says he favors a 9/11-style commission that would study digital security matters, including encryption, as proposed by House Homeland Security Committee Chairman Michael McCaul, R-Texas, and Senate Intelligence Committee member Sen. John Warner, D-Va. (See Apple Building iPhone It Can't Hack.)
"The first step is to have a conversation so law enforcement and industry aren't talking past one another," he says. "We get all the right folks in a room and talk about the actual problem and ways we can get around that so we're doing everything we can to keep our country safe from bad guys but also protecting our civil liberties because our civil liberties ... are the things that make our country great."