The congressional panel investigating the Jan. 6 insurrection could soon face an obstacle familiar to law enforcement: the popularity of encrypted communications.
The committee dramatically escalated its inquiry last week, sending dozens of requests to social media and telecommunications companies asking them to hold onto individuals’ communications data related to attempts to overturn the 2020 election and the Jan. 6 Capitol siege. That includes a politically fraught bid for House Minority Leader Kevin McCarthy’s phone records.
Several of the companies that received preservation requests from the panel said they would comply to the best of their ability. Clint Smith, the chief legal officer at the chat platform Discord, said in a statement the company condemned the Jan. 6 violence and would “cooperate fully as appropriate.” Rumble, a video platform popular with conservatives, said it would comply “with all valid law enforcement and investigative requests.”
But the encryption used on many of those services will limit the amount of data the select committee is able to gather if it does make a formal request or issue a subpoena for the actual messages, experts say.
“They’re not going to get everything,” said James Lewis, senior vice president and director of the Strategic Technologies Program at the Center for Strategic and International Studies, of the select panel.
A spokesperson for the select committee declined to comment on the encryption question.
Companies like the encrypted messaging app Signal “don’t have the ability to provide” records or contents of individuals’ messages because of the end-to-end encryption their services use, Lewis explained. On the other hand, the committee would likely be able to get phone records from telecommunications companies or unencrypted emails like those sent through AOL or Gmail, he said.
Google confirmed it received the committee’s letter and said it is “committed to working with Congress on this.” Twitter, which also doesn’t use encryption, declined to comment.
ProtonMail, an end-to-end encrypted email service, said in a statement that the company’s use of “zero-access encryption means that we do not have access to the message content being requested” and that Swiss law prevented the company from sharing information from U.S. authorities.
Apple’s guide for law enforcement also makes clear what the company is capable of disclosing: “iMessage communications are end-to-end encrypted and Apple has no way to decrypt iMessage data when it is in transit between devices. Apple cannot intercept iMessage communications and Apple does not have iMessage communication logs.”
Snap, the maker of Snapchat, said it received the panel’s request but noted that its data is permanently deleted soon after being viewed. Even Facebook, despite criticism of its user privacy policies, has offered end-to-end encryption of chats conducted on its Messenger and WhatsApp platforms.
Asked about encryption of the data the committee is seeking, Facebook spokesman Andy Stone said only: “We have received the request and look forward to continuing to work with the committee.”
Cracking the encryption “is really just a question of time and money. And most people don’t have what they need to do it,” said Lewis, the CSIS expert.
The tension between law enforcement’s needs and users’ online privacy has spiked in recent years amid high-profile cases like the 2015 mass shooting in San Bernardino, Calif., which prompted the FBI to sue Apple to try to force the unlocking of an iPhone linked to the attack. After Apple refused to help the FBI, citing user privacy concerns about the creation of a backdoor into its devices, the agency hired a private firm to unlock the specific iPhone in question.
A former FBI official, who spoke on condition of anonymity to discuss the sensitive topic, said the select committee investigators shouldn’t hold their breath about accessing encrypted data related to their inquiry. It would be a tough sell to a court, the official said, which would have to weigh how compelling a need there would be for the data and how burdensome it might be for the company to provide assistance to the committee.
As advocates see it, the preservation of privacy and security is most important to protect users from potential overreach — even when the ultimate purpose of an investigation relates to a domestic extremist attack such as the Jan. 6 insurrection.
“Law enforcement will grasp at any excuse to attack this technology that keeps people safe. But there is no way to create a backdoor that’s only for the good guys, and not for the bad guys,” said Evan Greer, director of the digital rights nonprofit Fight for the Future.
The potential request for McCarthy’s data and that of other Republicans has sparked outrage on the right even ahead of any actual requests for that data. McCarthy has threatened retaliation against any companies that comply with the select panel and said they would be breaking the law if they supplied records to the committee, though it is unclear which law he argues tech firms would be breaking.
Jan. 6 investigators have expressed interest in calls made by McCarthy and other Republicans to former President Donald Trump on the day of the Capitol assault as they ramp up their investigation into the role Trump and his allies may have played.
Betsy Woodruff Swan and Alexandra S. Levine contributed to this report.