In The Apple Encryption Debate, Can We Just Have The Facts Please?

I’m about to take a radical position in the encryption debate between Apple and the FBI: I’m undecided.

As Apple and federal law enforcement continue to hurl rhetoric about encryption, one thing has become crystal clear: today’s encryption debate is neither healthy nor well-informed.

Encryption’s role in privacy – and security – is too important for intractable opinions. A thoughtful debate is vital because Congress ultimately will need to decide whether to pass a law that provides the government with access to encrypted communications in extraordinary circumstances. Our Constitution leaves it to Congress to weigh the benefits and costs of legislation and ultimately make a policy judgment.

The encryption debate, which has been simmering for more than a year, came to a head this month after the Federal Bureau of Investigation obtained a search warrant for the work iPhone of Syed Riswaan Farook, one of the San Bernardino shooters.

Because the iPhone is encrypted, the FBI needs Farook’s PIN code to access the information. A federal magistrate judge granted the FBI’s request to order Apple to disable a feature that automatically wipes the data from an iPhone after 10 incorrect PIN attempts, effectively allowing the FBI to guess thousands of combinations until it identifies the correct PIN.

The order has sparked some of the most passionate debates about technology policy ever.  Unfortunately, both sides have shown little willingness to compromise, acknowledge weaknesses in their arguments, or present comprehensive facts about criminals’ use of encryption. That needs to change.

For instance, Apple’s supporters have framed the FBI’s actions as “a fundamental threat to our Fourth Amendment rights.”

The Apple dispute may be about a lot of things, but the Fourth Amendment isn’t one of them. Before even seeking the court order, the federal government had obtained a search warrant, supported by probable cause.

 

The Apple dispute may be about a lot of things, but the Fourth Amendment isn’t one of them.  Before even seeking the court order, the federal government had obtained a search warrant, supported by probable cause.

That’s exactly what the Fourth Amendment requires. Moreover, the phone is owned by Farook’s employer, which has consented to the FBI accessing the phone.

Supporters of strong encryption also argue that only a tiny fraction of encrypted communications are used by individuals with nefarious purposes. Moreover, they contend, even if encryption is regulated, the bad guys will circumvent those legal restrictions.

Both claims sound eerily similar to the arguments against any government restrictions of firearm ownership.  Even if 99.999 percent of all encrypted communications are harmless, we may have good reason to care about the remaining .001 percent. And should we live in a lawless society simply because we know some bad actors will break the law?

Apple’s defenders must confront the possibility that it is, in fact, theoretically possible that terrorists or other criminals will use encrypted communications to launch a devastating national security attack. They then must demonstrate to the public and lawmakers that despite this possibility, it nonetheless is in our nation’s interests to protect privacy by not allowing any limits on encryption.

Critics of strong encryption also must address the weaknesses of their arguments.  After the 2014 hacks of millions of federal employees’ background check applications at the Office of Personnel Management, it is understandable that many Americans would be concerned with the government having access to any technology or keys that could reveal their encrypted communications.

Law enforcement needs to demonstrate to the public that it is possible to allow the government to have limited and exceptional access without compromising the security of encrypted communications.

 

Law enforcement needs to demonstrate to the public that it is possible to allow the government to have limited and exceptional access without compromising the security of encrypted communications.

The government obtained the Apple order under the All Writs Act, an arcane law that allows courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Law enforcement must reckon with the reality that this law – first passed in 1789 and signed into law by George Washington – is not a fair way to address one of the greatest technology policy challenges of our time.

Instead, Congress must decide whether to pass a law allowing law enforcement to have limited access to encrypted communications. That is Congress’s job.  To make an informed decision, Congress should hold hearings to gather facts about encryption.

This month, Manhattan District Attorney Cyrus Vance stated that encryption is preventing his office from accessing 175 phones in criminal cases; such anecdotal data is a good first step, but comprehensive, nationwide information would be even more useful: How many crimes or acts of terrorism have been aided by encryption?

Are there any arrangements that would allow law enforcement to have extraordinary access to encrypted communications without compromising security, such as by ensuring that any keys or software remain in the possession of the companies? Does law enforcement have methods of obtaining encrypted information without requiring assistance from the companies?

Instead, Congress must decide whether to pass a law allowing law enforcement to have limited access to encrypted communications.

Maintaining a thoughtful public debate about encryption will be difficult. Last year, after Deputy Attorney General Sally Quillian Yates and FBI Director James Comey told a Senate committee that encryption was making their jobs more difficult, they received massive backlash across the Internet, and a few months later, Comey told another congressional committee that the administration was no longer seeking a legislative remedy.

Both sides should promote a robust discussion with the likes of officials such as Yates and Comey, technology executives such as Apple CEO Tim Cook, privacy advocates, and others who can provide facts that will inform this vital debate.

It is encouraging to see some policymakers laying the groundwork for a thoughtful debate.  Sen. Mark Warner, D-Va., and House Homeland Security Committee Chairman Michael McCaul, announced on Wednesday legislation that would create a 16-member commission to study digital security — including encryption — and make recommendations to Congress.  This is exactly the sort of informed deliberation that we need for such an important issue.

I don’t know whether I would support a law that provides limited access to encrypted communications.  That’s because I don’t yet have enough facts to come to a final conclusion on the policy that is in the best interests of the United States. I hope other like-minded Americans will join me in my call for more facts and less blather as we answer many difficult and fundamentally important questions.

Apple vs FBI