Members of Congress have started to take a keen interest in the security of digital communications.
Rep. Ted-Lieu, D-Los Angeles, is calling for a congressional investigation into a security flaw in mobile networks that makes it possible for hackers to listen in on other users’ phone conversations or read their text messages. Meanwhile, a congressional subcommittee on Tuesday is holding a hearing on the encryption debate, with representatives of Apple, the Federal Bureau of Investigation and the security research community testifying.
“This is a core issue of public safety and ethics, and it requires a very thoughtful approach,” Rep. Tim Murphy, R-Pennsylvania, said at the start of the hearing held the Oversight and Investigations subcommittee of the House Committee of Energy and Commerce, which he chairs.
Lieu’s call for an investigation into the phone network security vulnerability follows a report this weekend by CBS’s “60 Minutes.” In 2014, security researchers identified a flaw in the protocols used to connect telephone networks around the world that can give hackers access to the phone calls, text messages and location information of mobile phone users. “60 Minutes” reported that the flaw still hasn’t been fixed.
The newsmagazine demonstrated the danger posed by the vulnerability by providing a cell phone to Lieu. Security researchers were able to show that — thanks to the flaw — they could record the congressman’s phone conversations and keep track of his whereabouts by only knowing the phone number of his device. Because the vulnerability lies within the systems underlying the mobile networks, it can expose personal information no matter what phone you are using.
The flaw could be used by criminals, by foreign companies to spy on their American rivals and by foreign countries to spy on American officials, Lieu warned in a letter to representatives Jason Chaffetz, R-Utah, and Elijah Cummings, D- Maryland, the chairman and ranking member, respectively, of the House Committee on Oversight and Government Reform. In his letter, Lieu called on the committee to “examine the full scope and implications” of the vulnerability.
“The vulnerability has serious ramifications not only for individual privacy, but also for American innovation competitiveness and national security,” he said.
While Lieu was warning Congress to take a look at a security vulnerability, some of his colleagues were looking at the flip side of the debate, encryption. The Oversight and Investigations subcommittee had called on both sides of the growing debate over the security technology to talk about how it might impede law enforcement efforts and how it helps protect average citizens.
Among those scheduled to testify before the committee was Bruce Sewell, Apple’s general counsel. In a prepared statement, Sewell emphasized the benefits of encryption.
Someone who hacked your phone would likely find more valuable information there than if they broke into your house, Sewell said. Because of that, phones and other computers and networks are under constant threat of attack. And encryption is a crucial tool in defending those devices and that data, he said.
“The best way we and the technology industry know how to protect your information is through the use of strong encryption,” Sewell said in his statement. “Strong encryption is a good thing, a necessary thing. And the government agrees.”
The hearing comes in the wake of the court battle between Apple and the FBI over the iPhone used by one of the San Bernardino attackers. The phone was locked with a passcode and protected by Apple’s default security measures, including encryption.
The FBI initially tried to get a court order to force Apple to weaken its software to make it easier to unlock the device. But the agency later withdrew from the case in the face of Apple and tech industry resistance and after another company helped it unlock the phone.
Photo: Bruce Sewell, general counsel at Apple, testifying before the House Subcommittee on Oversight and Investigations on Tuesday, April 19, 2016. (Screen capture from YouTube video of hearing.)
The post Congress taking a close look at digital security, encryption appeared first on SiliconBeat.
