House Republican: US just as focused on data security as Europe
LAS VEGAS — Rep. Will Hurd (R-Texas) said Sunday that Europe can’t pretend to be more idealistic on privacy issues than the U.S. while many of its nations try to enact laws limiting encryption.
Hurd is one of a sturdy number of legislators — including a bipartisan House Judiciary working group on encryption — that opposes laws allowing law enforcement agencies to access all encrypted data in the United States. Proponents believe access would help prevent and solve crime, including terrorist-related activities.
“Europe likes to act like they take privacy more severely than we do. That is patently false,” he told The Hill at the DEF CON cybersecurity conference in Las Vegas. “This notion we don’t take this seriously in the U.S. is wrong.“
Current encryption methods make it impossible for law enforcement to access chat apps or files from criminals in a timely manner, even with a warrant. Various U.S. law enforcement agencies have waged periodic efforts to force manufacturers to provide some form of access.
European nations including Germany and the United Kingdom have either enacted or are poised to enact these types of rules.
“The terrorism challenges in Europe are really kind of tough, and they may lead the way and carry some of our water on this,” said Acting Assistant Attorney General for National Security Dana Boente at the Aspen Security Forum earlier this month.
But cybersecurity experts — people who design secure communication systems and those who develop techniques to hack into those systems — universally believe that adding “backdoors” into encryption is a substantial national security threat. Adding new entry points into encryption makes its design far more perilous and far more likely for the system to be cracked by hackers or for the keys to be stolen.
“We should be making encryption more secure, not less,” Hurd said.
European Union courts struck down exemptions allowing the U.S. to store European citizens’ data on stateside servers based on privacy concerns. But, claimed Hurd, the threats to privacy caused by an encryption rule demonstrated the EU’s true colours when it came to privacy.
Hurd has experience in security issues both as a former CIA agent and as a former security consultant, including a stint at a cybersecurity consultancy.
He said his trip to DEF CON was, in part, to keep his knowledge of cybersecurity “from becoming stale.”
“DEF CON is the pointy end of the spear. These are the folks that are thinking about the real problems,” he said.
DEF CON is the last of three cybersecurity conferences held back-to-back to back in Las Vegas each summer. While the other conferences are targeted to corporate cybersecurity providers or a more general security audience, DEF CON appeals to iconoclastic, individual researchers often on the bleeding edge of the field.
“Being out here gives me perspective on where policy needs to go,” Hurd said.
Hurd and fellow congressman Rep. Jim Langevin (D-R.I.) gave one presentation on Saturday and will give a second on Sunday. Those are two of the five panels being given by current government officials.
“I want the people here to know that there are people in government that care about this stuff,“ Hurd said.
He said he had visited a number of DEF CON sub-conferences, known as villages, including ones focusing on hacking voting machines and automobiles, both of which he praised.
Hurd has focused on other cybersecurity issues while in office including IT modernisation and workforce shortages. He said he was excited to see children as young as nine at the conference learning to hack and hopefully preparing to fill a widening skills gap of cybersecurity talent.