Raskin, Biggs Ask DOJ to Protect US Encryption Against UK Orders
DOJ should act to prevent countries like the U.K. from seeking backdoor access into Americans’ encrypted devices, House Judiciary Committee ranking member Jamie Raskin, D-Md., and Rep. Andy Biggs, R-Ariz., said Thursday.
Sign up for a free preview to unlock the rest of this article
Biggs, chairman of the House Federal Government Surveillance Subcommittee, and Raskin led a subcommittee hearing focused on U.K. Home Office orders seeking backdoor access into Americans’ encrypted Apple devices (see 2503140052). Biggs in March signed a bipartisan, bicameral letter with Sen. Ron Wyden, D-Ore., on the matter.
During the hearing, Raskin and Biggs, to varying degrees, asked DOJ to reexamine its agreements under the Cloud Act, a 2018 law that allows cross-border data-sharing with foreign law enforcement. The U.S. has Cloud Act agreements with the U.K. and Australia.
Raskin said DOJ can “do its job” and not sit idly while the U.K.’s Home Office issues “secret orders” against U.S. companies: “But thus far, that’s exactly what the DOJ has done. I sincerely hope we move quickly to change that.” Raskin said he believes the Cloud Act has been “beneficial” to this point, but forcing companies to circumvent their encrypted services is the “beginning of a dangerous slippery slope.” Keeping data secure from government intrusion “has never been more important.”
Biggs asked DOJ to determine whether the Cloud Act agreement with the U.K. is working as intended. If not, the U.S. should invoke its 30-day termination clause and renegotiate, he said. Biggs said he’s long had concerns about the Cloud Act emboldening foreign governments to “spy on Americans.” He noted that Director of National Intelligence Tulsi Gabbard, in her Senate confirmation hearing, said encryption backdoors lead down a “dangerous path.”
Backdoors aren’t capable of “only letting good guys in while keeping the bad guys out,” said Raskin. They’re “intentional” design weaknesses. End-to-end encrypted services ensure no one, not even law enforcement, can access devices, he said.
House Judiciary Committee Chairman Jim Jordan, R-Ohio, said he “appreciated” the remarks of Biggs and Raskin. Congress has more work to do to further protect Americans from surveillance abuse when it next reauthorizes the Foreign Intelligence Surveillance Act, he said.
All four witnesses at Thursday’s hearing said the Cloud Act doesn’t sufficiently protect American data from foreign invasion of privacy. No private company wants to use encryption services if the keys are stored with the U.K. government, and there’s nothing in the Cloud Act prohibiting the U.K. from pursuing such orders, said Tufts University professor Susan Landau.
Center for Democracy & Technology Security and Surveillance Project Director Gregory Nojeim noted Apple is under a supposed U.K. gag order so it can’t technically inform authorities when it receives such an order.
Privacy International Legal Director and General Counsel Caroline Wilson Palow said the Cloud Act is designed to ensure foreign governments have a surveillance regime that respects privacy. “Clearly, the U.K. is not following that here.”