Yesterday, the final text of the “National Commission on Security and Technology Challenges” legislation was released. In December, the Niskanen Center released a joint press release supporting the Chairman’s proposed Commission, and the released text has not moved us from our initial position of support. In fact, the bipartisan approach and focus on reasonable discourse, practical considerations, and general tone of compromise contained in the text makes this Commission an agreeable means of advancing the broader contours of this debate. While there has been much fanfare surrounding the announcement, there are also many questions from some who are hesitant to support the Commission.
The primary concerns that have been levied against McCaul’s Commission are as follows: (1) it could produce recommendations that would be detrimental to the privacy, civil liberties, and economic benefits associated with digital communications technologies; (2) the Commission is nothing more than another blue ribbon panel that follows in an already long line of previously convened review panels and won’t offer anything different; (3) the encryption “problem” is not one that requires a solution; and (4) it is more likely than not to favor those who can pass security clearances, stacking the deck in favor of those who don’t support strong encryption.
Like other members of civil society, I share all of these concerns, but given the current political landscape—especially in the lingering wake of the Paris Attacks, San Bernardino, and now the battle raging between Apple and the FBI—the fallback options available to privacy advocates are extremely limited. All it takes is one more terrorist attack (which, to be clear, is a question of when, not if) to turn public opinion in favor of potentially onerous demands from law enforcement and drive the public discourse towards support for knee-jerk legislation like that recently discussed by Sens. Dianne Feinstein and Richard Burr. No one wants that.
Of course, some would argue that the mere presence of this Commission would do little to deflect bad legislation from emerging in the wake of such an event. Then again, it may be just enough of a solution that legislators can comfortably point to the ongoing discussion amongst commissioners as reason not to rush into any ill-advised legislation. Ultimately, there’s no way of knowing for certain.
To the specific concerns above, I would respond: (1) there are certainly no pre-ordained outcomes with regards to potential Commission recommendations, but given the broad makeup of the Commission (including cryptographers, economists, advocates from civil society, and the technology industry), it seems unlikely the result will be a “we-must-break-crypto” solution; (2) many of the previous panels convened to examine issues related to encryption excise important stakeholders in these debates and have been largely dominated by members of civil society, the legal community, and technologists (This is not to say their recommendations are not valuable. Indeed, the MIT report “Keys Under Doormats” is a fantastic retort to law enforcement’s contention that backdoors or key escrow “solutions” to encryption are neither technically feasible nor desirable.); (3) McCaul’s Commission is not, by any means, intended to “solve” any problem associated with encryption—rather, it attempts to examine the larger question of how the challenges faced by law enforcement in the digital age might be reconciled with the need for strong encryption, strong privacy protections, and ensuring the strength and vitality of the digital ecosystem; and (4) the text of the Commission makes it clear that any decision to include a “classified annex,” as well as security clearances for commissioners, is left entirely to the members of the Commission itself.
The question with which we are presented is not whether this Commission is the best path forward. Rather, the question is whether this approach, weighed against all available alternatives, is better than doing nothing. I would contend that doing nothing is not an option, especially amidst a seemingly never-ending parade of heated rhetorical flourishes in which civil society and law enforcement talk past one another. Additionally, the wide array of support McCaul’s approach has engendered should not be ignored. In addition to Sen. Mark Warner, the Commission has been co-sponsored by Sens. Cory Gardner (R-CO), Brian Schatz (D-HI), Susan Collins (R-ME), Michael Bennet (D-CO), Shelley Moore Capito (R-WV), Angus King (I-ME) and Dean Heller (R-NV). In the House, the co-sponsors include Reps. Jim Langevin (R-RI), Patrick Meehan (R-PA), Suzan Delbene (D-WA), Mike Bishop (R-MI), Ted Lieu (D-CA), Will Hurd (R-TX), Kathleen Rice (D-NY), Blake Farenthold (R-TX), Eric Swalwell (D-CA), Dan Donovan (R-NY), Jerry McNerney (D-CA), Barbara Comstock (R-VA), Mimi Walters (R-CA), Ryan Costello (R-PA), and Dave Reichert (R-WA). A few choice quotes from Senators advocating the Commission follow:
Sen. Gardner: “the establishment of the Digital Security Commission is essential as it unites our country’s brightest experts from the government and private sector who are in the best position to develop and present recommendations to Congress to tackle the issue of digital security.”
Sen. Collins: “A dialogue among the Administration, Congress, law enforcement, and the tech community is needed to protect the privacy rights of law abiding individuals in an era where terrorists and criminals increasingly use encrypted devices.”
Sen. Bennet: “The commission can help break the gridlock in this debate by providing Congress with serious and substantial recommendations that come from the consensus of experts on all sides.”
Sen Capito: “By establishing a bipartisan digital security commission and uniting experts in technology, privacy and law enforcement, we can better understand the full range of solutions needed to keep Americans safe, while ensuring personal privacy and bringing terrorists to justice.”
Sen. Heller: “Americans expect Congress to find a path forward, and this Commission is the commonsense first step.”
And it’s not just members of Congress supporting this approach. Other backers include Ann Beauchesne, Senior Vice President for National Security and Emergency Preparedness at the U.S. Chamber of Commerce, Dana Schrad, the executive director of the Virginia Association of Chiefs of Police, and Michael Beckerman, CEO of the Internet Association. And of course, the Wall Street Journal Editorial Board and Apple have also both come out as proponents.
In closing, this Commission, though far from an ideal solution, is the best of all available political alternatives. We should embrace the old adage of politics serving as the art of the possible, and temper our expectations, for both the best and worst possible outcomes of this Commission.
(Further resources exploring the Commission, as well as the text of the bill itself, can be found below)
Full bill text: https://homeland.house.gov/wp-content/uploads/old_uploads/2016/02/2016.02.29_Commission.pdf
Section-by-section analysis: https://homeland.house.gov/wp-content/uploads/old_uploads/2016/02/McCaul-Warner-Commission-Sec-by-Sec-1.pdf
Brief two-page memo: https://homeland.house.gov/wp-content/uploads/old_uploads/2016/02/McCaul-Warner-Commission-One-pager-1.pdf
McCaul and Warner at the Bipartisan Policy Center: https://homeland.house.gov/mccaul-warner-commission-2/