Over the past month, Americans across the country have adapted to a new reality of life, which includes social distancing to curb the spread of COVID-19. For those fortunate enough to be able to do so, that means learning to work, attend educational classes and socialize from afar using the Internet. For a huge number of Americans, social distancing means little to no work – and even greater uncertainty. Businesses, schools and government entities everywhere are asking the same question, “can we perform our work online and, just as importantly, can it be done securely?”
As Congress acts to respond to COVID-19, it faces a similar challenge. With some Congressional members and staff testing positive for COVID-19, and others choosing to self-isolate, lawmakers are exploring whether they can perform the most critical aspects of their office remotely – deliberation and voting. For Congress to be able to vote remotely on legislation, measures to ensure the integrity of these communications is critical. If even one vote is changed or blocked by a criminal or foreign adversary, the legitimacy of congressional decisions, and thus Congress as a whole, will be called into question. Any digital voting solution would need to rely on strong encryption to be secure.
Encryption is a critical tool to provide confidentiality and integrity to digital communications. Encryption enables much of the flexibility needed for staff to work from home securely during social distancing. End-to-end encrypted messaging like WhatsApp, Signal or iMessage, and voice or video calls allow staff to discuss sensitive topics without fear of eavesdroppers. Encryption also secures everyday digital activities like payroll, human resource management, and file sharing. For Congress to legislate effectively while staying healthy during this pandemic, the security provided by encryption will be key. When reaching across the aisle, especially necessary in times of crises, staffers and legislators must be assured that politically sensitive discussions remain confidential – even when those conversations happen over the Internet. And while congressional votes are public information, a remote voting system must ensure that congressional members’ votes aren’t tampered with, and in case they are, make it clear that tampering has occurred.
A new bill introduced by Judiciary Committee Chairman Sen. Lindsey Graham and Sens. Richard Blumenthal and Dianne Feinstein, puts the security provided by encryption under threat, and therefore, weakens the country’s ability to work, learn and govern while we aren’t able to conduct business as usual. This bill, called the “EARN IT Act of 2020,” would make changes to Internet intermediary liability rules in the United States and could force companies to modify their services for law enforcement to gain access to encrypted user content for various services – or become liable for the actions of all their users. But the consensus among cybersecurity experts is clear: there is no way to provide exceptional access to encrypted communications for law enforcement without making all of its users more vulnerable. Any way for law enforcement to get in could be found by criminals or foreign adversaries, and used for their own purposes.
As the country faces an unprecedented challenge, we all must be practical, flexible and energetic. We need to ensure Americans have the tools they need to successfully do their job remotely and securely, especially if that job is a member of Congress – that means not passing legislation that can undermine strong encryption practices.
Image by Simon Abrams via Unsplash