FBI Director James Comey had some choice words this week for startups and technology companies about their increasing use of encryption and their responsibilities to law enforcement. Speaking at Brookings, Comey argued that “…if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place.”
He specifically named Apple and Google as companies challenging the FBI in its pursuit of criminals. “Both companies are run by good people, responding to what they perceive is a market demand. But the place they are leading us is one we shouldn’t go to without careful thought and debate as a country.” He argued that the FBI is not looking for backdoors, but rather “We want to use the front door, with clarity and transparency, and with clear guidance provided by law.”
As the debate over end-to-end encryption heats up, there is a fundamental question at work: What loyalty do companies like Google, Apple, and Facebook have to the U.S. government?
After all, working with law enforcement used to be easy when customer records were in manilla folders in warehouses, and even remained easy in the early era of cell phones. Now, with U.S. government agencies actively hacking the cloud infrastructure of America’s top technology companies, the line between legal and extralegal activity is not so easy to discern.
Indeed, Comey’s request for transparency is precisely what the world has been clamoring for ever since the Snowden revelations revealed just how cavalier the U.S. government had become in treating the personal communications of American citizens (let alone citizens in other countries). Comey leads the country’s top law enforcement agency, and as such, he is looking to create the due process needed to bring criminals to trial, and ultimately, to put them behind bars. Most American citizens and companies are not opposed to this use case.
The challenge is that so long as companies hold consumer data, they are a target for all kinds of difficult security situations. End-to-end encryption isn’t just good marketing for technology companies peddling their services to wary consumers, but also a means to absolve these companies from having to deal with the very real politics at the heart of data and national security.
Given that shareholder value is the metric by which we judge companies on the markets, it shouldn’t be surprising that companies have responded by trying to be seen as above local politics. International markets represent an enormous portion of revenues for many of America’s elite technology companies, sometimes even a majority. Google’s share of international revenues was 54% in 2012, and has increased to 58% this year. International markets accounted for roughly 42% of Cisco’s revenues, and even ecommerce companies like Amazon get about 40% of their sales from overseas.
A strong technology industry is fundamentally good for the United States, and a government that supports an open internet is fundamentally good for technology companies.
The concerns of citizens in other countries about their privacy has put these companies under the microscope. Apple has launched an entire product page devoted to privacy, and the company also posted a personal letter from CEO Tim Cook adamantly arguing that it will not cooperate with government requests for information, “And we never will.” Other companies have made similarly strong statements in recent weeks.
These companies know that the closer they get to the U.S. government, the farther they become to their largest source of growth. China has spent billions of dollars building up its internet firewalls, in addition to developing policies that make it effectively impossible for Western internet companies to compete in its market, let alone function at all. Today, Facebook, YouTube, Twitter, and even Wikipedia are all blocked in China. Such websites are also frequently blocked in countries like Iran.
But it isn’t just authoritarian regimes that put in place such policies, but democracies as well. South Korea, by many standards the leading internet society in the world, has also developed a policy system that prevents foreign tech companies from competing effectively. Uber had massive issues during its launch in Seoul since it allowed its users to maintain their credit card information on file. A few years ago, Google had to shut down its Maps services in the country, since maps are considered national security data and therefore cannot be processed on servers outside of South Korea.
This puts America’s technology companies in a real predicament. While they want to remain above the local politics in all the countries that they operate, a combination of protectionism and national security concerns may just prevent them from competing in many of them at all.
That’s why tech companies shouldn’t ignore U.S. policy, but should rather help shape it, since both sides fundamentally agree on the value of the open internet. America built the internet, and it was designed for decentralization and not for control right from the start. As Vint Cerf, one of the internet’s fathers, said in a letter to Congress a few years ago, “By placing intelligence at the edges rather than control in the middle of the network, the Internet has created a platform for innovation.” This model is fundamentally democratic, and so the United States intrinsically benefits every time a country uses it.
Indeed, this sort of nuanced view about the technology industry took a while for agencies like the NSA to understand. For decades, the agency fought the export of computing equipment, arguing that it allowed foreign governments access to technologies that made surveillance more difficult.
But the decline in the financial health of the computing industry in the early 2000s created new alarm in the agency. There were deep worries that export controls might harm local manufacturers against foreign competitors, eventually forcing the NSA to become dependent on foreign manufacturers for computing power as American companies declined. Such concerns are still present in the case of China-based Huawei, which the United States is very concerned about since it is successfully competing against domestic networking companies like Cisco.
We are seeing echoes of this same battle today over encryption. Is it better to have Google’s services be secure and used all over the world, or have backdoors and exploits that make surveillance easier, but at the cost of losing control over much of the world’s information?
To me, the answer is obvious. A strong technology industry is fundamentally good for the United States, and a government that supports an open internet is fundamentally good for technology companies. We just have to come to an understanding of what the rules of the game are. We need to ensure that these rules have due process, and that companies are required to disclose adequate accountability data to verify the privacy of consumers throughout the world.
And despite what companies argue about end-to-end encryption, most tech companies still require access to their user’s data in order to present web pages, display custom ads, and sell services to them. So I am less believing that this model of encryption is going to become the de facto standard anyway.
We shouldn’t expect companies to be loyal to the U.S. automatically, but such loyalty may well be in the best interest of all parties, from consumers to companies. Engaging with U.S. policymakers and making the case for what rules should apply to encryption is the first step to a better and safer internet for all of us.