The war of words over encryption continues apace with no end in sight. On Wednesday morning FBI Director James Comey loudly proclaimed he expects to clash with technology companies like Apple in future court battles over encryption. Then, just hours later, Manhattan’s top prosecutor urged Congress to settle the encryption issue with a new law, a move that could reshape the market for American mobile devices and messaging apps, as well as the privacy of the people who use them.
Cyrus Vance, the District Attorney of New York County and one of the most vocal opponents of robust consumer encryption, believes lawmakers shouldn’t wait for potential encryption cases to wind their way through the courts. Instead, with urgency, he is lobbying members of Congress to support legislation that would force tech companies to maintain the ability to decrypt the data of their consumers on demand, with a judge’s approval.
“What we’re doing is talking to political leaders,” Vance told a Washington audience at the Council on Foreign Relations Wednesday evening. “To try and convince them that they should address this with federal legislation. I think that has to be the solution.”
For companies like Apple and WhatsApp, default end-to-end encryption, a feature that allows only the intended recipients to read messages, enhances the security of their devices and services, protecting private, personal data from thieves and malicious hackers. With such encryption measures in place, not even the companies who build these devices and services have access to the secure data stored on them.
But for Vance, strong encryption creates “warrant-proof devices” — a space in which criminals can conspire and do harm without fear of being monitored by law enforcement. Vance believes default consumer encryption denies police and prosecutors a wealth of electronic evidence essential to building cases against suspects.
“We now live in a world where we are not getting all the facts,” Vance argued Wednesday evening. “Many of the facts are on smartphones, because criminals, just like you and me, have moved off paper and onto digital devices.”
Vance said that his office possesses 230 Apple devices that remain locked and inaccessible to law enforcement, in cases including homicide and child abuse. That number has jumped, since February, when Vance reported that 175 Apple devices were inaccessible to his office. Gaining lawful access to encrypted devices should be similar to other types of government searches — of homes, cars, and safety deposit boxes — he said. But even with a court order, Apple cannot produce in a readable format the information contained in its most current iPhones and operating systems.
In an unprecedented move that captured the nation’s attention earlier this year, the FBI and the Justice Department attempted to force Apple to help investigators bypass the encryption on an iPhone 5c used by one of the San Bernardino terrorists. In February, the government sought a court order compelling Apple to design new security-suppressing software to defeat its own encryption. Apple challenged the Justice Department in court, however, arguing that the software would undermine the security of millions of iPhone customers. The case was ultimately resolved, but not truly settled, as an unidentified outside party showed the FBI how to penetrate the device, prompting the government to withdraw its case against Apple.
Relying on outside hackers to help the government crack encrypted devices is unworkable, Vance has said, both in cost, and because of the sheer number of devices from which the government seeks data. Since October of last year, the FBI has examined 4,000 devices, and roughly 500 of those remain locked, according to the agency’s chief, James Comey.
But critics of encryption legislation point to the risks that weaker security features would pose to the public, and to the global nature of encryption technology.
“The U.S. has no monopoly on the technology,” said Adam Segal, director of the Council on Foreign Relations cyber and digital program. “Even if we were to [decide] that we are going to ban certain types of encryption, it will be developed in other places.”
Michael Chertoff, the former secretary of the Department of Homeland Security, who founded his own security consulting firm, also believes encryption legislation is misguided. “Maybe it should be impossible to delete your email,” he said. “Maybe there should be a rule that you can never shred a piece of paper.” Chertoff described the current debate over encrypted communication as just the latest “species of a problem” related to law enforcement’s legitimate need to collect evidence. But that problem should not be solved at the expense of weakening digital security, he said.
While Comey and the Justice Department continue to search for a remedy to the crisis they see developing around encryption, it’s unclear how effective Vance’s efforts to persuade Congress will be. The businesses of Silicon Valley, civil liberties groups, and privacy-minded lawmakers are united in their opposition to any legislation that would weaken American encryption.
One bipartisan approach that has also gained tech industry approval, including Apple’s, is an effort to study the issue of encryption in more detail, culminating in a set of policy recommendations for lawmakers.
But Segal expressed skepticism that a reasoned policy debate on secure communications could develop if a culture of fear were to take hold following another terrorist attack. “You can imagine an event that happens here, or in France, or in Britain that would totally shift the debate and people will rush to make a law so this won't happen again,” he said.
Vance seized on that line of thought, and pressed the urgency of his case. “If that happens, that law is going to look a lot worse for Apple and Google than the law that we could perhaps move forward to — if we sat at the table and sorted this out.”