Unbreakable Encryption Poses Big Problems for Law Enforcement

Posted July 13, 2015 at 12:21pm

Among the revelations of former National Security Agency contractor Edward Snowden two years ago was that the NSA, the Defense Department’s intelligence arm, was surreptitiously tapping into the data centers of major tech companies and snooping on customer emails. It outraged the firms, Google among them, prompting upgrades to their security by encrypting more data.

That encryption has gradually improved and is now unbreakable. It’s put the government in the awkward position of having to go to the tech firms and ask them to voluntarily build weaknesses into their cyber-defenses in order to allow the government access in criminal investigations.

Given the history of government surveillance here — combined with the growing threat posed by hackers — it’s going to be a tough sell.

Top federal law enforcement officials made a vigorous case to the Senate Judiciary Committee on July 8 that unbreakable encryption is posing big problems for law enforcement.

Encryption developed by Apple and Google for the latest versions of their mobile-operating systems is rendering cellphones “essentially a brick” to law enforcement agents, said Sally Quillian Yates, the deputy attorney general. Even with a warrant, “we can’t access any of the information on that phone.”

For now, the government is playing nice. Yates and FBI Director James B. Comey say they want technology companies to voluntarily build weaknesses into their systems that will enable them to access customer emails and text messages when law enforcement agents present a warrant. Both Yates and Comey say they’re not asking for direct access to corporate servers.

But the history of NSA surveillance isn’t working in law enforcement’s favor. When Google released its latest Android operating system for cellphones last year, it said strong encryption would be available by default.

Apple, on its website, touts the security of its iOS 8 operating system. In its marketing materials, Apple says it has never consented to weaken its encryption. “We also have never allowed any government access to our servers. And we never will,” Apple says.

Neither firm would comment about Yates’ and Comey’s testimony. But in May, both firms signed a letter to President Barack Obama blasting the Justice Department position: “We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products,” they wrote, adding a request that “the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology.”

Besides their outrage over NSA surveillance, the tech firms have another big incentive to stonewall. They are also thinking about their bottom lines.

The damage to U.S. technology sales is now in the “hundreds of billions” of dollars, said Peter Swire, a professor of law and ethics at the Georgia Institute of Technology’s Scheller College of Business, because many foreigners have opted for non-American cellphones.

Yates and Comey warned that the consequences could be grave if their agents can’t tap phones. The inability to access phone data is impeding terrorism investigations, and murder and child pornography cases, among others.

“I don’t want to scare people by saying I’m certain people will die,” Comey said. “What I’m certain of is on the current course and speed, my ability to discharge my No. 1 responsibility will be materially diminished in the not-too-distant future.”

Senators seemed sympathetic to Yates and Comey, but it’s not going to be easy to get Congress to intervene. Yates and Comey said they might be forced to ask for legislation mandating weaker encryption if the technology companies refuse to help.

But the political winds are blowing in the opposite direction. Just last month, the House passed an amendment by Republican Thomas Massie of Kentucky and Democrat Zoe Lofgren of California that would bar the government from pressuring companies to weaken their encryption.

The vote, on an amendment to the Defense Department spending bill, was 255-174. Most Democrats voted aye, while Republicans were split. Among those endorsing the amendment were both conservative and liberal groups, including the ACLU and FreedomWorks, as well as Google.

On the other hand, perhaps the law enforcement warnings are having an effect. The same amendment passed last year with 293 votes. It was later removed by House leaders when they rolled the Defense spending bill into the year-end omnibus.