SAN FRANCISCO — Lawmakers and politicians pounced after Tuesday’s terrorist attacks in Brussels to renew calls for stronger law enforcement surveillance capabilities to monitor the online activity of terrorists and criminals. But as has become routine, the tech industry is asking those in Washington for patience and thoughtfulness before passing any legislation that could harm Americans’ online privacy by weakening encryption security technology.
It’s unclear whether terrorists used encryption technology to carry out and shield their plans from intelligence agencies around the globe, but that hasn’t stopped the issue from seeping into the campaign rhetoric, as well as calls from policymakers to push new legislation.
"We have to toughen our surveillance, our interception of communication," Democratic presidential candidate Hillary Clinton told CNN on Tuesday, echoing similar calls from lawmakers in the Senate and House of Representatives. "We have to continually be learning and getting ahead of these thugs and criminals in order to prevent them from doing what they did in Brussels."
Yet another member of Clinton's party, Silicon Valley Congresswoman Zoe Lofgren, D-California, argued that the immediate aftermath of an attack is the wrong time to make policy. “It’s usually a mistake to rush off in the moments after an appalling event,” she told International Business Times in an interview. “It’s almost always better to be deliberative and thoughtful as we sort through the policy challenges that we have.”
Already, legislation and action dealing with encryption are beginning to take shape in Congress. Lofgren is one of eight members of the "encryption working group" formed last week by the House Judiciary Committee and the Energy and Commerce Committee and charged with identifying solutions for balancing encryption technology and law enforcement’s needs by the end of the year.
Meanwhile, Sens. Richard Burr, R-Va., and Dianne Feinstein, D-Calif., have drafted legislation that would require tech companies to comply with court orders demanding they open up their technologies to law enforcement officials. And in both chambers, there is an effort by Rep. Michael McCaul, R-Texas, and Sen. Mark Warner, D-Va., to create a 16-person commission that would review all the technological challenges facing Congress over the coming years and make recommendations for each one, including the matter of encryption.
“We must use all the tools at our disposal to fight back,” Feinstein said in a statement. “The way to prevent attacks like this is to develop good intelligence and always be vigilant. We can and must root out terrorist organizations like ISIL, interrupt plots before they are executed and protect innocent civilians.”
But as some lawmakers like Feinstein and Congressman Adam Schiff, D-California, warn of terrorists’ use of secure communications, others in Washington are calling on their colleagues to avoid knee-jerk reactions.
“It’s clear the fight over strong encryption is far from over,” said Sen. Ron Wyden, D-Oregon, in a statement. “I’ll continue to resist shortsighted efforts that would undermine the cornerstone of digital security and harm Americans’ safety.”
Still, those in Silicon Valley are asking lawmakers not to make any rash decisions, despite how close to home the tragedy has hit for some in tech.
Harvey Anderson, the chief legal officer for cybersecurity company AVG Technologies, was shaken after learning that two of his employees were in Belgium on Tuesday and were barely able to avoid the attacks at the Brussels airport and one of the city’s subway stations. Yet despite this close call, Anderson said AVG remains firm in its opposition to legislation to weaken encryption, saying that the technology is critical to keeping the data of everyday online users secure from hackers and criminals. “Two wrongs don’t make a right,” Anderson said.
These attacks “exacerbate the calls for increased surveillance,” said Anderson, adding that his company’s top priority was ensuring the security and safety of its affected employees and their families. “But right now it's important that we focus on helping the victims and their families and continue our efforts to protect the public safety in a way that maintains the civil liberties and freedoms that the attackers themselves are seeking to undermine.”
AVG, which is based in the Netherlands but has an office in the Bay Area, was among the many tech companies that in February filed "friend of the court" briefs in support of Apple in a federal court case against the Department of Justice. There, the DOJ has sought a court order that would compel Apple to build code to unlock an iPhone that belonged to Syed Farook, one of the two shooters in the San Bernardino attack on Dec. 2 that left 14 dead. Apple, AVG and many others argued that if the iPhone maker were forced to comply with the DOJ’s wishes, dangerous legal precedents would be set that could cripple the U.S. tech industry and put user privacy at risk.
A hearing for the case had been scheduled for Tuesday but was postponed following a request by the DOJ, which on Monday said it may have found a way to unlock the device without Apple’s assistance.
With the high-profile case now put on pause, stakeholders in this encryption debate have turned their attention to Congress, where lawmakers are discussing various pieces of legislation that would address the use of encryption and could potentially require that tech companies build backdoors into their products for law enforcement officials. The tech industry strongly opposes those backdoors, but as fear of terrorism grows among the public, the pressure on Congress to act will only keep growing, experts said.
“People are less concerned about privacy after these kinds of attacks and more concerned about safety,” said Bob Zeidman, head of Zeidman Consulting, a company that provides engineers for intellectual property litigation.
Many in tech are pushing for patience particularly in light of a report by the New York Times this weekend that said the terrorists involved with the Paris attacks in November were using unencrypted disposable cell phones as their main form of communications.
“The latest info about the Paris attacks suggests that there was no encryption used,” said Steve Shillingford, founder of the app Sudo, which uses encryption technology to help users create new identities. “We have to be careful about getting caught up in the moment and using one event to further an agenda.”
Others have echoed the argument that weakening the encryption of U.S. companies will put Silicon Valley at a disadvantage to other tech markets around the globe, put the digital privacy of Americans at risk and do nothing to impact criminals and terrorists, who will still have access to encrypted products developed abroad.
“I suspect that if you force one company to give in, another company would pop up in its place,” said Justin Shiroff, an attorney with Snell & Wilmer whose practice includes online privacy and cybersecurity. “Criminal element and criminal intent has never been shy about trying to find the next thing to accomplish its ends.”