A now-vacated hearing over whether to require Apple to undermine the security of its users prompted an ongoing controversy over government access to encrypted devices.
While a federal court in San Bernardino may never rule on the flood of arguments supporting Apple's defense of user security, observers—especially members of Congress—should pay close attention to a few themes that have emerged in the public debate.
Policymakers who understand those themes will reject reported legislation that would mandate backdoors in your technology, or otherwise force tech companies to ensure the FBI's access to everyone's communications. Senators Dianne Feinstein, D-CA, and Richard Burr, R-NC, have threatened to introduce a proposal along those lines, which would place millions of people at risk, overlook several key facts, and resign a need for long overdue—and increasingly vital—transparency into law enforcement excesses.
First and foremost, we should be disturbed by FBI officials repeatedly discounting the potential harms that their demands could have caused.
For example, claims that the powers sought in San Bernardino would be applied to a single phone in a single investigation into a particularly heinous crime were proven false within days. Prosecutors in cities from coast to coast confirmed that they plan to seek similar orders circumventing the device encryption on hundreds of phones in cases completely unrelated to terrorism.
Those officials have thousands of counterparts across the U.S. who would, if able, follow closely behind them. Creating master keys to circumvent device encryption would leave no user of that platform—or any other platform—safe, should the law change to allow government investigators the power to force any company to essentially hack their users.
And that's just the U.S. government. What damage a master key could do in the hands of Chinese, Iranian or Israeli intelligence operatives is anyone’s guess. Quite frankly, the bureau should know better.
Second, this is not a new issue. For years, government agencies have sought the power to circumvent encryption. Congress denied that authority when legislators closely examined encryption in the 1990s, and decided in the Communications Assistance to Law Enforcement Act (CALEA) to require telecom companies to provide assistance to investigators—but not to require them to create new security vulnerabilities that did not previously exist.
Also curious is the timing of the request. The phone in San Bernardino was in the hands of investigators for two months before the government appeared in an ex parte (one-sided) proceeding and claimed the need to force Apple to create dangerous new code to assist its investigation.
That demand came just one week after FBI Director James Comey was pressed by senators in an oversight hearing to defend his claims that encryption is blinding investigators and undermining their ability to do their work. And the bureau's decision to vacate its earlier demands came just one day before the government would have been required to substantiate claims it had previously made only in ex parte hearings.
Senators who last month challenged Comey’s claims did so with good reasons. Contrary to claims by law enforcement officials, observers from national security agencies have agreed that, in fact, government investigators enjoy rapidly proliferating opportunities to monitor suspects in legitimate investigations.
Intelligence officials have also agreed, contrary to claims by investigators and prosecutors, that encryption keeps us safe. That is why, according to the former head of both the CIA and NSA, the order sought by the FBI represents a government agency’s confused attempt to gain a tactical advantage (the ability to access more data) at the expense of a far greater strategic cost (undermining the security of a device platform used by millions of people).
Let’s be smart about that cost, because it’s a big part of why Apple is fighting tooth and nail to protect its users in the first place. The sad reality is that 3 million smartphones are stolen every year in the U.S. alone, and far more are lost or misplaced.
That means millions of Americans have at some point lost control over their personal financial transactions, intimate conversations, and revealing photos by losing their phones or falling prey to theft.
Stolen phones have been used to commit identity theft, blackmail, and fraud. They’ve enabled revenge porn—much of which is posted by data thieves—with devastating emotional effects on the people depicted in images revealed without their consent.
Stolen phones can endanger journalists and human rights activists who work in authoritarian countries or, for that matter, even here in the U.S. Many whistleblowers, when risking their careers to do the right thing, have relied on encryption to keep themselves safe when collecting evidence of government abuses.
Stolen phones can also expose LGBTQ people who remain in the closet because their communities would be hostile were they more open. Around the world and, unfortunately, even in the U.S., losing your privacy can make you unsafe.
These remain real problems. Encryption offers a real solution. It’s worth fighting for.
Speaking at South by Southwest, President Obama proposed a compromise, wishing for a solution that would, for better or worse, require a new discovery in mathematics in order to become possible. Ultimately, there can be no compromise with math.
We care as much about national security as anyone else. But what investigators sought would not make anyone safe. As a matter of (perhaps unfortunate, but inescapable) fact, the FBI’s withdrawn demands would have created new threats with dangerous implications for millions of people.
Transparency and Oversight
Finally, this latest controversy highlights once again the need for meaningful congressional oversight. Led by a few members, Congress has convened a new commission to study encryption. But as long as investigatory bodies are proliferating, one should be mandated to do what the House and Senate intelligence committees were created, but have repeatedly failed, to do.
Congress must finally investigate the federal intelligence and law enforcement agencies, reform the bloated and dysfunctional classification system, and enforce at least a modicum of meaningful transparency so the public can know what our government is doing to us.
We know what that kind of oversight can accomplish. In the 1970s, robust investigations by the Church and Pike Committees exposed severe abuses of power spanning several decades.
During the infamous COINTELPRO era revealed by those committees’ investigations, the FBI actively worked to suppress the movement for equal rights for women, directed violence toward the civil rights movement, placed provocateurs in the movement to end the war in Vietnam, and conducted a character assassination campaign targeting a world-historic leader we now appropriately honor as a national hero.
Those abuses might still be secret if a handful of committed people hadn’t broken into a government facility and taken to Congress the files they found, or if Congress hadn’t been willing to launch meaningful investigations as a result.
The domestic surveillance disclosed by Edward Snowden in 2013 should have prompted similar investigations. Snowden’s revelations principally addressed the NSA, but also included reflections of constitutionally suspect operations by other agencies, including the FBI. Indeed, since Snowden came forward, bureau officials have gained further access to data collected by NSA counterparts. But Congress still refuses to launch a comprehensive and public investigation into these operations.
We’re all interested to know everything that happened in San Bernardino. As the battle over encryption shifts to Congress, we hope that lawmakers will grow equally interested in finally learning what’s happening at the J. Edgar Hoover Building in Washington, D.C.
Before withdrawing them this week, the FBI made demands that threatened the privacy, security, and even the lives of millions of people who’ve done nothing wrong. Before contemplating whether to expand the bureau’s powers even further, Congress should finally explore how they’re already being abused today.
This post was originally published by TechCrunch on March 24, 2016, and reprinted with permission.