How much power should the U.S. government have to compel technology companies to help it access their users' encrypted information? Last year’s dramatic showdown between the FBI and Apple fizzled before the courts could shed light on the answer, but the contentious debate is bound to flare up again before long in Washington. What might the next round have in store?
There is still a problem, according to law enforcement officials: the use of encryption is becoming more widespread, and products that do not allow even the providers themselves to access encrypted data, like Apple’s iOS, unreasonably hinder investigations.
The government could again decide to go head-to-head in court with Apple and try to force the company to help investigators access an encrypted device as it did with the iPhone of one of the San Bernardino shooters last year. If the FBI wants to avoid re-litigating the prior dispute, it could instead target an encrypted messaging or e-mail service, applications that use a different form of encryption.
End-to-end encryption, an approach used by WhatsApp, iMessage, Signal, and others, prevents service providers from reading and handing over people’s messages, as is possible with conventional e-mail and chat services. Similar to how it tried to get Apple to build custom software that would help investigators access data stored on an iPhone, the FBI could try to compel a messaging service provider to provide some sort of technical assistance to help investigators read encrypted messages, says Andrew Crocker, staff attorney at the Electronic Frontier Foundation. The New York Times reported last March that the Justice Department was “privately debating” how to approach a standoff with WhatsApp over encryption.
The next big encryption-related legal fight will not necessarily play out in public, though, notes Crocker. The government could try to obtain a court order that prevents a company from speaking about a request by arguing that secrecy is necessary to stop a terrorist attack, for example. Pressuring Apple in public did not work out that well for the FBI because Apple was able to garner public support and the backing of privacy and civil liberties advocacy groups including the EFF.
Perhaps it is more likely that the next high-profile encryption debate will happen not in court but in the new Congress. Near the end of Obama's presidency, the White House backed down from its position that law enforcement should get exceptional access to encrypted information, concluding it was not possible without risking exposure to cybercriminals.
Donald Trump, meanwhile, called for a boycott of Apple products when the company refused to help the FBI. His pick to head the Justice Department, Senator Jeff Sessions of Alabama, believes it is “critical that national security and criminal investigators be able to overcome encryption.”
Broad proposals focused only on expanding government access to encrypted data will likely face strong opposition from lawmakers on both sides of the aisle, however. In December, a bipartisan “encryption working group” made up of influential members of the House of Representatives published a report concluding that Congress should not pass legislation that weakens encryption because such a law would work “against the national interest.”
The report cited cryptographers and computer security experts who say it's not feasible to develop systems that give law enforcement exceptional access to encrypted information without also introducing undue risks to the security of all users of the technology. The report also pointed out that a U.S. law that compromises encryption would likely cause users to shift to foreign-made products.
“There is no one-size-fits-all solution to the encryption challenge,” wrote the report’s authors, who include the respective chairs of the House Judiciary Committee and Energy and Commerce Committee. They encouraged Congress to explore ways to help law enforcement take better advantage of the useful data that is already available, as well as tools like “legal hacking,” and to foster more coöperation between law enforcement and technology companies.