Apple is fighting a court order compelling it to help the FBI access the iPhone of one of the San Bernardino terrorists. It is not being asked to design a vulnerability in its encryption, which critics call a “backdoor,” but if it complies and writes code to let the FBI flood the phone with password guesses, it could set a precedent that the government would use to demand new and different kinds of technical access.
The broader debate about whether tech companies should design their encryption to guarantee investigators access to data has galvanized Sen. Ron Wyden (D-Ore.) and Rep. Zoe Lofgren (D-Calif.), who told the Daily Dot on Monday that they were going to hammer the issue home with colleagues now that Congress was back in session.
“For me, the core issue is backdoors are losers,” Wyden said. “There are going to be all kinds of complicated discussions about technical issues involving operating systems and the like. But this is the central question.”
“[T]he consensus in the Congress seems to have been that it is a mistake to put backdoors into encryption.”
Lofgren, who co-sponsored two amendments that would have banned backdoor mandates (they both failed in the Senate), seemed optimistic, saying that “the consensus in the Congress seems to have been that it is a mistake to put backdoors into encryption.”
“In the discussions that I’ve had,” Lofgren said, “I think there is a growing realization, among members of the House on both sides of the aisle, that encryption is ubiquitous; that if you want to use encrypted communications, there are apps that you can use that are well beyond the capacity of the American government to govern; and that it’s not possible to control the use of encryption.”
Some senior law-enforcement and intelligence officials argue that tech companies have an obligation to implement such guaranteed-access systems because terrorists are using their encrypted products to hide their planning. James Comey, the FBI director, has criticized Apple in particular for using unbreakable encryption, warning that criminals and terrorists are “going dark” on such platforms.
But leading technologists and some former national-security officials point out that a backdoor mandate would only push terrorists to foreign platforms outside the reach of U.S. law. Backdoors also create new vulnerabilities that hackers and foreign intelligence services could exploit.
“If criminals and hackers can get [Americans’] information, because strong encryption has been gutted by their government, those criminals and hackers can use [the vulnerability] to hurt Americans,” Wyden said. “And I don’t think the American people are going to react very well to that kind of policy when people really break this down in the way I’ve described.”
Congress is considering a range of solutions to the pernicious encryption debate. Sen. Mark Warner (D-Va.) and Rep. Mike McCaul (R-Texas) are planning a commission to study the issue, an idea that both Apple and the FBI seemed to endorse. Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) are drafting legislation that would address encryption in some way, although the details remain unclear.
Commissions are often seen as Congress’s way of ducking an issue, but Lofgren raised a different concern about the McCaul–Warner plan: that the commission’s creators might stack the deck with anti-strong-encryption officials whose views would preclude a real exploration of the issue.
“You can have a commission but, depending on how it’s stacked, end up with a preordained result,” she said. “I’m wary about that. I know Congressman McCaul has very strong and I think wrong views on this subject. You could put the FBI director and the head of the NSA on a commission and they could come back with what they’ve already decided. I’m looking at it but not yet sold.”
Wyden suggested that Congress instead wait to read an intelligence-community analysis that he convinced Director of National Intelligence James Clapper to produce. At Wyden’s request, Clapper’s staff is analyzing a report that sharply criticized Comey’s “going dark” argument.
“I asked him to give us a written analysis, unclassified, within 60 days,” Wyden said. “And that’s a lot faster than you’re going to be able to get a commission, or some kind of advisory group, together. So I think that’s the first step.”
While Wyden believed that he had a strong case against backdoors and Lofgren pointed to overwhelmingly successful House votes to ban them, new data show that Americans are not taking encryption seriously and do not agree with Apple in its fight with the FBI.
The Pew Research Center found that 51 percent of people back the FBI’s demand that Apple write the custom software, while Morning Consult found that only 20 percent of Americans actively use encryption technology (many Internet companies encrypt data without people having to do anything).
“You couldn’t pick a better example of why you want to break into people’s communications,” Lofgren said of the case that the FBI has chosen for its legal crusade against Apple.
Wyden acknowledged the difficulty of making a broader point about encryption out of a story that tilts strongly in the government’s favor.
“I just came from home—people would come up to me on the street or in the community and they’d say, ‘What’s wrong with unlocking one iPhone of a terrorist who’s dead?’” he said. “This is not about unlocking one phone. You’re basically setting up a path to unlock millions of phones, including the one that’s in the pocket of the person who asked me that question.”
Lofgren also questioned Comey’s suggestion, made in a blog post Sunday night, that the San Bernardino case “isn’t about trying to set a precedent or send any kind of message.”
“You couldn’t pick a better example of why you want to break into people’s communications.”
“The way it’s been messaged by the FBI, who I wouldn’t say are more technically proficient than the technology world, is that it’s just this one-time thing,” she said. “I don’t believe it’s possible to do that. Once you do a new operating system, you’ve done a new operating system. And that’s going to be available to the Chinese, to the Russians, to anyone, any other country in the world, including many who are not our friends and not friends of the American people—as well as [being] available to be hacked by bad guys.”
But as the Pew poll suggested, the FBI’s message is sinking in. Wyden said that some of his constituents implicitly trusted the bureau’s argument that a U.S. law could address all encryption.
“I think they heard, ‘Well, we’ll take care of it here, we’ll have this FBI policy, and that’ll keep us safe.’ And I said, ‘Well, it’s a little bit more complicated than that!’” Wyden said. “People have looked and found that there are hundreds of encryption products available around the world, and closer to half of them are free. It’s not as if you are cutting the bad guys off at the pass.”
With the House and the Senate reconvening on Tuesday, Wyden laid out the way he planned to frame his argument.
“One of the reasons we got here is because the NSA overreached,” he said. “They overreached on [collecting phone and Internet] metadata, and the companies saw their consumers losing confidence, and the companies built strong encryption in order to respond to their consumers’ desire for both security and privacy. If the government overreaches now, and is able, as a matter of policy, to require companies to build weaknesses into their products—backdoors—I’m going to say, ‘Backdoors are losers.’ That will be the centerpiece of our argument on the floor of the Senate.”
Lofgren pointed to the long shadow that an FBI win in the San Bernardino court battle could cast.
“In law school, they teach you bad cases make bad law,” said Lofgren. “This might be a prime example.”