Over the past several weeks, we have witnessed an intense debate over cybersecurity and privacy, revolving around the USA Freedom Act. A badly divided Congress, finally—in a rebuke to Senate Majority Leader Mitch McConnell (R-KY) and other defenders of the status quo—mandated the end of the so-called NSA metadata (bulk collection) program that swept up data on the dates, times and location of phone calls. The battle over the NSA metadata program, however, is only the first of what are likely to be a series of clashes over the balance between security and privacy.
Looming as the next faceoff is the conflict over encryption and the moves by a number of US technology companies to protect their customers against hackers, whether private or public. In the US, the current skirmish was precipitated by announcements from Apple and Google that they were installing encryption protection in their cellphones that would allow only users—and no outside individual or public official—to unblock the devices. Text messaging services such as WhatsApp and iMessage have followed suit.
FBI Director James Comey has taken the lead in strenuous opposition to the encryption moves, denouncing “companies that are marketing something expressly to allow people to place themselves beyond the law.” Following up, last week FBI Assistant Director Michael Steinbach warned a congressional committee that crime groups and terrorists organizations such as ISIS were “going dark” with encryption, heightening the chance that future attacks would go unmasked. House Homeland Security Committee Chairman Michael McCaul (R-TX) responded by labeling the use of encryption a “threat to the homeland.”
Thus far, US tech companies are defiant and determined to increase encryption applications to their technologies. Google’s Eric Schmidt argued that the security agencies had only themselves to blame: “The people who criticized this are the ones who should have expected this.” And Apple CEO Tom Cook recently delivered an impassioned defense of encryption, labeling attempts to undermine encryption “incredibly dangerous.”
The companies make two arguments. First, technologically, there is no way to introduce “backdoors” for the government without allowing criminals or terrorists to exploit the same flaws. Second, they argue that the government has a number of alternatives: much cellphone data is now stored in the providers’ cloud services and can be retrieved; legal wiretaps of smartphones are not affected; and finally, officials can still retrieve real-time phone records and logs of text messages.
There is also an international dimension to the conflict. British Prime Minister David Cameron, new re-elected, has vowed to push through legislation that would force tech companies doing business in Great Britain to provide encryption to police and security officials or risk being banned from that country. In France, in the wake of the Hebdo massacre, new security legislation gives sweeping powers to the government to undertake a host of new tactics against future terrorist attacks. And the loose language may allow similar action against encrypted devices.
Back in the United States, the resolution of the standoff is unclear. Chairman McCaul and others have yet to push hard for legislation. And the position of the Obama administration remains indeterminate. President Obama has been equivocal. When queried insistently by the press, he responded that he sympathized with the tech companies: “They’re patriots.” But the president went on to note: “If we find evidence of a terrorist plot…and despite having a phone number, despite having a social media address or e-mail address, we can’t penetrate that, that’s a problem.” If the syntax was garbled, so was the message.