Distrust of tech could be encryption's Achilles heel
A Senate Judiciary Committee hearing Tuesday set up what's likely to be the most consequential national debate on encryption since the 1990s.
The big picture: The technical community's long-held consensus against weakening encryption is colliding head-on with bipartisan political hostility toward the Big Tech companies that are making encrypted communications an internet default.
Key terms to know: Law enforcement agencies see the spread of encryption as a problem they call "going dark." Most security experts view modifying encryption schemes to give government access as the creation of "back doors" that they see as inherently treacherous.
- On one side: Lawmakers and law enforcement advocates argue that the end-to-end encryption that's increasingly built into messaging platforms and mobile devices is unacceptably hampering efforts to combat terrorism, human trafficking and child abuse.
- On the other: Tech companies and privacy advocates maintain that weakening encryption for law enforcement needs also inevitably opens vulnerabilities that bad actors can exploit — including foreign governments, criminal hackers and legal authorities overstepping their bounds.
Driving the news: Senators from both sides of the aisle lit into representatives of Apple and Facebook at the Tuesday hearing, telling the companies that if they don't voluntarily find a way for the government to access the data it seeks to stop crimes, Congress will legislate one.
- New York District Attorney Cyrus Vance Jr. testified that Apple's decision to begin encrypting iPhone content by default in 2014 "effectively upended centuries of American jurisprudence holding that nobody's property is beyond reach of a court order."
- Erik Neuenschwander, Apple's manager for user privacy, told the senators that Apple has never held keys that let it access users' data, and it opposes efforts to require it to do so: "We've been unable to identify any way to create back doors that would only work for the good guys. They will be exploited by nefarious entities as well."
- Jay Sullivan, product management director for privacy and integrity at Facebook Messenger, argued that if the U.S. mandates weakened encryption for U.S.-based services, customers will simply switch to services offered by companies abroad that will be less responsive to American authorities.
Meanwhile, Attorney General William Barr has been pursuing his own campaign, launched with a speech last summer, promoting the need for back doors to encrypted devices and communications.
- In October, Barr, along with officials from DHS and European and Australian law enforcement, sent Facebook a letter requesting the company adopt such a scheme for WhatsApp and Messenger. Monday, the company responded "no."
History lesson: The U.S. government's one significant attempt at the creation of encryption back doors — the Clinton administration's Clipper Chip program, which lasted from 1993 to 1996 — was a technical and market failure.
- Each Clipper Chip had its own key that private companies held in "escrow" to hand over under government order. But the scheme wasn't mandatory, experts hated it and the industry never embraced it.
That '90s fight took place right as the formerly academic internet went mainstream, and it pitted "crypto rebels" against a government establishment, with the telecom industry caught in between.
- Today, the fight is instead between the government and a group of rich tech companies that have amassed vast power while facing a growing roster of controversies involving user privacy, failures to curb misinformation, monopolistic behavior, and accusations of bias.
Our thought bubble: We could end up with an encryption law for the 2020s that mandates some kind of updated Clipper Chip (likely via software rather than hardware) — not because anyone thinks it will work, but because lawmakers and voters of both parties have lost trust in the tech companies that oppose it.