NC’s Burr: Tech companies should help shape encryption laws | McClatchy Washington Bureau

Two top thinkers in North Carolina’s tech economy – both entrepreneurs with military experience – are split over how the state’s senior senator should navigate competing interests between national security and consumer privacy.

U.S. Sen. Richard Burr, R-N.C., the chairman of the Senate Intelligence Committee, has a leading role in the debate over government access to encrypted personal data found on devices such as Apple’s iPhone. And he wants a law requiring tech giants such as Apple and Google to obey court orders so national security officials investigating terrorism can get into encrypted information.

Encryption is used on private phone and computer files, accessible only to those with the “key,” unless the information is hacked by an outsider.

Burr has teamed up with U.S. Sen. Dianne Feinstein of California – the top Democrat on the Intelligence Committee – to draft proposed legislation that would give federal officials stronger authority to access encrypted information. Their proposal could play a prominent role in the national debate over privacy vs. security.

Rapidly changing consumer encryption technology shouldn’t hinder federal criminal or terrorism investigations, Burr said recently in an interview with McClatchy.

The Democratic opponent Burr faces in November’s election – former North Carolina state Rep. Deborah Ross – hasn’t said whether she supports Burr’s draft bill.

Already, the proposal has won support from some senior law enforcement and national security officials. The senators’ idea also has been met with skepticism by the technology industry and groups that advocate for personal privacy protections.

FBI Director James Comey said last week that he was glad Burr and Feinstein were helping to ignite debate, though he didn’t take a position on the proposal.

In North Carolina, one encryption expert and tech business co-founder said Burr’s proposal wouldn’t help the government gain access to criminal communications sent over phone apps not owned or operated by U.S. companies.

A “bad actor” has many options to hide their communications and location without using a phone’s native encryption, said Ron Culler, chief technology officer and co-founder of Secure Designs in Greensboro. Secure Designs specializes in providing small businesses nationwide with outside-managed Internet networks and online security, including encryption.

“I think (Congress) should keep their hands off of it,” Culler said. “These are private companies that have their own businesses and consumers that they’re responsible to.”

Gaining access around encryption, Culler said, won’t wipe out the tools terrorists use to communicate. Even if major phone manufacturers wanted to help national security officials, they don’t have a way to crack open software they didn’t create, he said.

Culler – like Apple CEO Tim Cook – said he was concerned that the government’s request for software companies to create encryption workarounds could lead to the keys falling in the wrong hands, compromising security for all users.

Apple’s claim that its employees can’t simply provide a way around an individual phone’s encryption without possibly making other phone systems vulnerable to hacks doesn’t hold water for Burr.

“I think (it) flies in the face of the expertise they’ve displayed by being able to create the encrypted network,” he said.

Apple fought the federal government earlier this year when the FBI got a court order for the company to unlock an iPhone that belonged to one of the suspects responsible for the San Bernardino, California, mass shootings. Government officials had the phone but said encryption technology had kept investigators from information about the suspect’s possible ties to terrorism.

Later, the FBI employed a hacker to get into the phone, largely resolving the legal case.

Despite the case dissolving, leading major communication-technology companies cried foul over the FBI’s request for a way around security features. But the tech world isn’t universally opposed to strengthening federal law in favor of government access.

“If you’re not doing anything criminally wrong, people shouldn’t worry about it,” said North Carolina’s Jim Reese, chairman of Tiger Swan, an Apex-based security firm with expertise in international communication, travel and high-tech business.

Reese supports Burr’s proposal. His business relies on impenetrable encryption systems, and Reese said he understood why some were wary about increased federal government access.

“The government doesn’t have the best reputation . . . and doesn’t do a good job explaining itself or collaborating with organizations,” he said.

Relationships with large tech companies could be improved, Reese said, but overall he’s on the side of top intelligence officials. It’s better that Congress put forth proposals to clarify what companies such as Apple are obligated to do rather than let judges make case-by-case decisions, he said.

Burr: Apple shouldn’t tempt ‘dark world’ hackers

Reese and Culler bring a unique perspective to North Carolina’s tech industry: Both men built U.S. military careers before joining the business ranks.

Culler worked for 10 years in the Navy’s secure communications arm. Reese is a retired colonel from the Army’s special operations Delta Force unit, based at Fort Bragg, North Carolina.

Both men list national security as a top priority but come down on different sides of the debate. In that way, their opinions seem to mirror the American public’s sentiment.

Nationally, two public opinion polls show a divide among Americans on the issue.

▪ In a Pew Research Center poll in February, just over half of 1,002 survey respondents thought Apple should help the FBI gain access to the San Bernardino iPhone. Thirty-eight percent of those surveyed sided with Apple. The rest were unsure.

▪ An online poll the same month by Reuters/Ipsos found that about 46 percent of those who’d responded supported Apple’s defiance of the court order. In that poll, about 35 percent of people sided with the FBI and about 20 percent were unsure.

Both polls were conducted before the FBI dropped its case against Apple.

So far, the topic hasn’t been prominent in Burr’s re-election fight with Democrat Ross, a former ACLU attorney.

Ross has said she wants more debate on the issue and thinks that consumer privacy should be a consideration alongside national security priorities. Her campaign this week did not answer whether Ross supports Burr’s legislation specifically. Burr’s campaign has claimed Ross is dodging questions about her stance.

Ross previously had told McClatchy, “I want the government to have that information,” referring to evidence on encrypted devices. But, she said, how the government gets that information matters, too.

“Law enforcement must have the tools they need to investigate and stop terrorism,” Ross said. “Any proposal we consider must make sure that we don’t show our playbook to terrorists and that there isn’t a backdoor into every law-abiding American's private life.”

The wording of Burr and Feinstein’s proposal will likely change before the duo formally introduces a bill in the Senate, Burr said. President Barack Obama hasn’t said whether he’ll sign the bill, if it passes.

Either way, Burr said, it’s unlikely his bill would land on Obama’s desk. Burr anticipates a lengthy debate and private meetings with tech companies to talk about a “workable solution.” So it’s more likely that Obama’s successor will contend with encryption legislation. The senator’s legislation proposal would require tech companies to have encryption-breaking technology but those companies wouldn’t have to share secrets, Burr said.

“We don’t want a key. We don’t want to know how it’s done. . . . You create the system, surely to goodness you can open it, extract something and close it without creating a vulnerability,” Burr argued.

Although federal officials found a way to crack the San Bernandino phone without Apple’s help, Burr said that approach wasn’t ideal. Gaining access without a manufacturer’s aid, he said, delays prosecution of criminals and may delay timely terror investigations.

Plus, he said, “I’m not sure that it’s in Apple’s best interest or any other device manufacturer to challenge the dark world to break their devices.”