As Congress debates how it should address the ongoing debate over encryption, Rep. Ted Lieu is working to get his fellow Congress members to adopt end-to-end encryption to secure their communications.
Lieu is meeting next week with House of Representatives chief information officer Catherine Szpindor to discuss how to get the representatives to encrypt their communications with staffers, and how to educate them about common hacking methods like spoofing and spearphishing. Lieu asked his own staff to switch its communications to WhatsApp after he participated in a 60 Minutes segment in which hackers demonstrated how they could listen to the representative’s phone calls.
WhatsApp rolled out end-to-end encryption for all its 1 billion users earlier this month, making it the default for users’ communications to be encrypted even as they pass through the company’s servers. This allows chats and calls to stay secure, even if the company suffers a breach or is served a warrant. WhatsApp users can verify each other’s identities by comparing fingerprints — a string of numbers uniquely tied to the user — or scanning each other’s QR codes. (WhatsApp makes verification a little difficult to locate in the app, but you can find a user’s fingerprint by tapping their name in a chat, then tapping ‘Encryption.’)
“It was in the back of my mind that I should start using encryption on my mobile devices but the 60 Minutes piece lit a fire for me to do the switch,” Lieu told TechCrunch in a WhatsApp chat. He says he chose WhatsApp because he had read news stories about the app’s introduction of end-to-end encryption, but hasn’t yet instructed his staffers to verify their contacts using WhatsApp’s QR codes.
Having a hacker eavesdrop on his phone calls made Lieu take his personal communications security more seriously. “I think a lot of people still aren’t aware of how easy it is to have your information monitored or stolen,” Lieu says. His entire staff is now using WhatsApp, and staffers described the transition from texting to the app as relatively painless — most of them were already using it, anyway.
In addition to his meeting with Szpindor, Lieu is also hoping to get the entire Congressional freshman class briefed on cybersecurity.
“The Freshman class is diverse,” he explains. “I think cybersecurity awareness varies considerably from one individual to another.”
Getting Congressional staffers to use encryption has been easy — but pushing encryption legislation through Congress is far more difficult. Congress is currently considering several bills regarding encryption, including the Warner-McCaul bill that would form a commission of security experts and law enforcement officials to make cybersecurity recommendations and the Burr-Feinstein “Compliance with Court Orders Act of 2016” that would mandate backdoors in encryption.
Lieu says he would oppose backdoor mandates like those proposed in the Burr-Feinstein bill. “As a recovering computer science major, it is crystal clear to me that you cannot build a back door only for law enforcement. Hackers or criminals or terrorists will eventually figure out the vulnerability,” Lieu says. “We have already seen the consequences of no encryption or weak encryption: massive cyber attacks that have harmed US national security and American consumers. Now is not the time to weaken encryption with back doors; rather we should be trying to strengthen encryption as much as possible and get more people to use it.”
He said the best approach for Congress is to rally behind the Warner-McCaul bill, which he co-authored. The bill is opposed by civil liberties groups who argue that the commission would merely re-open questions that have already been asked and answered. The American Civil Liberties Union and the Electronic Frontier Foundation have instead rallied around the working group approach championed by the House Energy and Commerce and Judiciary Committees.