Privacy bosses at both Facebook and Google said Wednesday that U.S. government efforts to find ways to pierce encryption technology could undermine users’ rights and make law enforcement less accountable for its actions.
Their comments came a day after the White House cybersecurity czar and the U.S. secretary for homeland security both said encryption was hobbling law enforcement and that the government needed ways around it (see “White House and Homeland Security Department Want a Way Around Encryption”).
Those ambitions have already been roundly criticized by cryptography experts, on the basis that a mechanism designed to let in the U.S. government could be exploited by others.
Keith Enright, Google’s chief privacy officer, told MIT Technology Review at the RSA security conference Wednesday that such tools could also undermine the accountability of law enforcement officials seeking access to private data.
Google, like many other companies, encrypts data as it moves around the Internet and its internal systems. It also has a team dedicated to fielding requests from law enforcement agencies, which must generally provide a warrant or other legal documentation authorizing access to a particular person’s data. If law enforcement or other agencies could decrypt data for themselves, they might be able to avoid that process, Enright warned.
Enright added that a lack of transparency in government access to user data is already a problem. “Law enforcement has been overreaching,” he said. “We want to drive as much transparency for law enforcement access as possible.”
Google has lobbied for the right to disclose more information about government requests for user data. The company has also widened its use of encryption since the former intelligence contractor Edward Snowden disclosed that the National Security Agency developed ways to secretly collect Google users’ data.
Facebook’s director of privacy, Erin Egan, also at the conference, echoed Enright in opposing any new mechanisms that could make government access to user data less transparent.
“The trust of the people that use our services is paramount,” said Egan. “Anything antithetical to that we’re not going to be okay with.” She pointed to an online post by Facebook CEO Mark Zuckerberg after the Snowden leaks, in which he complained about U.S. government attempts to harvest data secretly.
Trevor Hughes, CEO of the International Association of Privacy Professionals, believes that most Internet companies would be similarly wary of any program or technology that gave the U.S. government a way to beat encryption.
The bad press that has affected companies targeted by NSA surveillance has inspired many to be more stringent in checking that the government requests they receive are valid, Hughes said. And protecting customer privacy has come to be seen as a competitive necessity. “Differentiation based on better privacy and encryption is in the marketplace today, and I think it’s going to increase,” he said.