Lawmakers, top cops, and presidential candidates have been saying the same thing for months: It's time for America's greatest tech geniuses to sit down with the country's cops and spies and figure out how to give the government safe access to encrypted messages and devices. That goal gained new currency last month when Apple and the FBI went to war over the locked iPhone of one of the San Bernardino shooters, and even President Barack Obama has joined the chorus calling for a compromise. "I'm confident that this is something we can solve, but we need the tech community to help us solve that," he said at the South by Southwest tech conference last week.
In an attempt to break the logjam, legislation has been proposed in Congress to create the National Commission on Security and Technology Challenges to tackle the problem. But how likely is it that the commission's 16 experts with a range of backgrounds—from cryptographers and intelligence officials to privacy advocates and tech executives—will be able to come up with a new way to protect privacy and personal security while still giving the government what it wants? Mother Jones asked a dozen lawmakers, legal experts, technology and encryption researchers, and privacy advocates this question. Their nearly unanimous answer was that the commission would be hard-pressed to find a realistic compromise that could reconcile national security and law enforcement needs with privacy and security for average citizens.
"I don't know what it would be," says Matthew Green, a computer science professor at Johns Hopkins University and a prominent commentator on digital security.
"I think we legitimately don't have the answer," says Carrie Cordero, a law professor at Georgetown University and former counsel for the Department of Justice and the Office of the National Intelligence Director.
Sen. Ron Wyden (D-Ore.), the Senate's most outspoken encryption advocate, says the "odds aren't great" that "the next commission is going to just be able to leap out and invent a solution that nobody's ever thought of."
The lack of answers could create a big problem for the future of encryption and other forms of data security in the United States. Law enforcement officials, led by FBI Director James Comey, say terrorists and criminals are using encrypted apps and devices to make more and more of their communications unreadable to cops and intelligence agencies. The FBI and other agencies want access to that data, but tech experts and privacy advocates say there's no way to create such a "backdoor" without weakening overall security and giving criminals and hackers the same access into data as law enforcement. If the two sides can't stop "talking past each other," as Comey complained at a congressional hearing last week, Congress could simply pass a law outlawing any encryption that law enforcement can't access. Members of the House Judiciary Committee brought up that possibility to Apple's top lawyer during a hearing earlier this month, and Obama repeated the warning in Austin last week. Technology experts say that such a measure would create huge security problems for average citizens and potentially stunt the advances in the tech industry.
The proposed commission intends to help stave off such a law and encourage some dialogue. Rep. Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.), who co-sponsored the legislation that would establish the commission, agree. But there is still a basic problem: How can a government commission ever find a middle-ground solution that many experts say does not exist?
Cordero and Susan Hennessey, a former National Security Agency lawyer and current fellow at the Brookings Institution, are skeptical of the commission, but they argue it could, at least in theory, establish common ground between the two sides and ratchet down tensions in what has become an increasingly polarized debate. "I think the way this commission becomes useful is if it's able to establish a set of facts or an agreed-upon framing of the issue, and then all of the conversations can go from there," Hennessey says. The mandate of the commission, Cordero suggests, should extend beyond the encryption fight. "It needs to be: What changes to the law do we need, or what international agreements do we need in order to facilitate law enforcement, national security, and maintain appropriate levels of privacy?" she says. "I think it's more about the bigger picture than it is about encryption as one technological application."
For technologists and privacy experts, the technological issues are settled. "There is no secure way to backdoor encryption because encryption is math, and math hasn't and won't change," says Robyn Greene, the policy council at the Open Technology Institute, a project of the liberal-leaning New America Foundation. "So at the end of the day, I don't know why we're continuing to have this conversation. It really seems like something that is just people out there spinning their wheels."
Some believe the opportunity for technical experts to sit down at length with law enforcement could actually change minds and make the government more receptive to the tech community's concerns. "My hope is that when we start to show people how risky it is, that they will voluntarily realize that this is kind of a dangerous thing, and maybe they'll start adjusting the demands," says Matthew Green, the Johns Hopkins professor.
Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the chairman and ranking Democrat on the Senate Intelligence Committee, may introduce just such a backdoor-access bill as early as this week. Feinstein also suggested last Wednesday that the government could charge companies with material support for terrorism if terrorists use their products. "If one of those proposals was to become law, it would be way worse than anything that would come out of any kind of yearlong technical commission," Green says.