James Baker, the top lawyer at the Federal Bureau of Investigation, recommended Wednesday that Congress take a more active role in legislating on U.S. law enforcement’s limited access to encrypted data tied to a criminal investigation.
“We don’t want this debate driven by some kind of catastrophe down the road,” Baker said during panel discussion Wednesday. Baker, the FBI’s general counsel, appeared at an event to discuss a new encryption report issued by the Center for Strategic and International Studies.
“The American people, through their elected representatives, have to make a value determination” regarding encryption, he said. “The world is moving forward, and doing nothing is an action, and will result in a particular state of affairs.”
“I’m not sure that a commission is going to be able to come up with a kind of granular solution, [a] highly technical solution, promptly, that we can put in place to deal with this,” Baker said
“In the meantime, technology is going to evolve,” Baker continued. “How the bad guys use technology is going to evolve. How we deal with it is going to evolve. All that’s going to be happening in real time as we go forward, no matter what Congress does.”
Baker suggested to Morning Consult after the event that a report issued in December by the House Encryption Working Group was an insufficient response to the problem. That report advised discussions between private industry and law enforcement on the thorny interactions between the need to protect consumer privacy and the need to fight terrorism, but it cautioned against legislation at this time.
An aide on the House Energy and Commerce Committee, which oversaw the formation of the House Encryption Group, did not respond to a request for comment.
The encryption debate exploded into the public sphere last year during a legal standoff between Apple Inc. and the FBI over an encrypted iPhone used by one of the suspected terrorists in the 2015 attack in San Bernardino, California.
The FBI took Apple to court in a bid to compel it to unlock the device, but dropped the suit after they were able to access the phone without Apple’s help. Still, Baker said there are many instances where federal investigators remain unable to work around industry encryption software when attempting to access a suspect’s encrypted data.
Baker acknowledged that mistrust of government is the chief reason for public resistance to rules that would allow U.S. law enforcement to use backdoors or other tools to access encrypted data. But, he said, much of that concern is misplaced.
While there are several layers of oversight designed to keep the FBI accountable and prevent the misuse of private data, Baker stressed that none of those safeguards now exist in the private sector.
“It’s just not regulated,” Baker said of the private sector. “It’s not regulated with regard to how they keep the data — is it safe? — or what they’re doing with it.”
Baker suggested Congress could pass legislation requiring the industry to be more transparent about how they collect and store private data and whether that data is encrypted against attack.
“I’m not trying to get the heat off of us, in the sense that I expect us to be held less accountable,” he said. “It’s just that — let’s keep in mind, as we’re all fretting about backdoor and the FBI doing this and so on and so forth, data’s going out the door. It’s vulnerable, we don’t know where it’s going, we don’t know who has it.”
Correction: A previous version of this story incorrectly stated that the House Encryption Working Group advocated for an encryption stakeholder commission.