The debate over terrorism and cell phone privacy might finally get its own official congressional review.
On Monday, the chair of the House Homeland Security Committee said he wants a special commission to review encryption -- specifically how technology helps terrorists avoid surveillance.
'We cannot stop what we cannot see," Rep. Mike McCaul said during a speech at the National Defense University in Washington, D.C. "This is one of the greatest counter-terrorism challenges of the 21st Century, and it is one of the biggest fears that keeps me up at night."
A major problem today is the inability to track terrorists who "go dark" by encrypting their communications.
McCaul, a Republican from Texas, hopes to create "a national commission on security and technology challenges in the digital age."
He wants to bring together law enforcement, tech companies, academics and privacy advocates to figure out a solution.
This is a classic privacy versus security debate. And if McCaul's commission gets approval by Congress, expect fireworks.
Law enforcement want unfettered access into everyone's devices -- and a way to tap into voice, text and video conversations.
But everyone else -- tech companies, academics, privacy advocates -- stands firmly against this. Their argument is: The same back door that lets law enforcement in can be used by hackers, criminals and foreign spies. If terrorists' conversations are less private, so are yours.
The encryption debate, explained
Right now, it's easier than ever for two people on opposite sides of the planet to have private, secure conversations.
WhatsApp and Telegram are apps that encrypt text. Signal encrypts phone calls. Wickr sends self-destructing messages. FaceTime, the video chatting app for iPhone, is encrypted too. For email, there's a tool called PGP. The popular, legal options are numerous.
All of these programs turn words into jumbled computer code. Government spies can't break that code fast enough.
Encryption keeps a conversation private between you and a family member. It also gives a safe haven to a terrorist in Syria and the person in the United States he's trying to recruit to commit an act of mass murder.
Making matters more difficult for police investigators, devices themselves are also locked with encryption. Even if police obtain a suspect's phone, they sometimes can't decrypt the information on the machine.
Apple (AAPL) and Google (GOOGL) devices prompt customers to create passcodes. And only you, the device owner, has the key to unlock it. These companies took that pro-privacy measure as a response to widespread public outcry in 2013, when we learned the U.S. government is conducting mass surveillance without warrants.
McCaul's commission
McCaul knows this debate is difficult. In his speech, he said "we should be careful not to vilify 'encryption' itself, which is essential for privacy, data security, and global commerce."
Computer security experts -- those who best understand encryption -- are wary about any commission.
"I'm unsure what part of encryption these politicians don't comprehend," said Shane MacDougall, a cybersecurity consultant at the firm Tactical Intelligence. "There is no mathematical way that one can weaken encryption for one party, while making it secure for everyone else. If we weaken encryption, then ironically, terrorists will be able to make more money from cybercrime, penetrate systems, and expand their reach."
Plus, any attempt to regulate encryption would be difficult. It's just software, which is easy to build, replicate and share. Much of it is free.
Marcus J. Carey is a former NSA computer network defense specialist, and he's now an executive at cybersecurity firm vThreat. He pointed out that law enforcement would have a difficult time clamping down on existing encryption tools. Many are built by a community of volunteers that reviews the code for mistakes. Cops could try to sabotage the tools by planting surveillance bugs in the software, but they'll probably get caught.
"It's not impossible to place back doors into open source software, but they would certainly be easier to spot," Carey said.
The one bright side? At least this won't be a one-sided debate with Congress only listening to the FBI and intelligence agencies.
"Politicians have little knowledge of tech and encryption. Technologists have little understanding of policy," said Ming Chow, a computer science lecturer at Tufts University. "Want to get it right? Every stakeholder needs to be sitting at the same table. The consequences of not getting it right is that no one wins."
