The encryption debate has Silicon Valley flexing its muscles.
In the aftermath of the terror attacks in Paris, the U.S. law enforcement establishment mobilized to lay a huge guilt trip on the tech industry. With national-security bigwigs such as NSA Director Michael S. Rogers and FBI Director James Comey warning that terrorists could use encryption to evade detection, they pressed companies to build encryption backdoors into their technologies.
Such fear-mongering has worked so effectively in the past, there was no reason to believe that it wouldn’t work again. The tech industry has historically sought to avoid confrontation with the government—in the United States and abroad.
While selling tens of billions of dollars in products and services to help spread the Internet around the globe, Silicon Valley has shown a preference to go along to get along, if not to just look the other way. Yahoo’s Hong Kong subsidiary, for example, supplied an IP address that helped the Chinese government find and imprison a local journalist.
This time, however, the techies didn’t cave. With important customers around the world who would be negatively impacted by weakened encryption, they have an obvious interest in uniting together against a very dumb idea.
“We need high tech’s help in securing an Internet that even with a court order, you can’t get to what they’re saying. That’s a big problem.” — Sen. Dianne Feinstein (D-Calif.)
The Software and Information Industry Association and the Information Technology Industry Council, whose members include Apple, Facebook, and Google, released statements noting that weakening encrypted devices would not help the good guys. It would likely do just the opposite, they said, by creating vulnerabilities that the bad guys could exploit for their own nefarious ends. Furthermore, they noted, it’s not even clear whether the kind of access sought by law enforcement agencies is technically possible.
Don’t expect much clarity from the political class. Amid another public panic about terrorism, security and law enforcement agencies, as well as lawmakers, know how to push the right buttons to get what they want. Sen. Dianne Feinstein, who chairs the Senate Intelligence Committee, spoke for a lot of her peers when she ripped Silicon Valley for refusing to budge.
“I think that Silicon Valley has to take a look at their products,” she said. “We need high tech’s help in securing an Internet that even with a court order, you can’t get to what they’re saying. That’s a big problem.”
Give the tech industry credit for not succumbing to the scare campaign. Terror-induced panics rarely facilitate clear thinking, and Feinstein’s perfervid rhetoric is a prime example. There’s still no proof that the terrorists used encryption when communicating with each other. French investigators who examined a cell phone that belonged to the terror ring found that the group had used unencrypted SMS text messages. They also apparently used a very super-secret service called… wait for it… Facebook.
France’s security service didn’t lack for information. The authorities already had these guys on their radar but were drowning in data. Hamstrung by a lack of resources, they couldn’t pull together the clues in time. All any intelligence officer needed was access to the Internet, and he could have called up an online interview from February, during which the group’s purported ringleader boasted to ISIS’ English magazine that he was already in Europe and intended to launch an attack.
Fallout from Snowden
The security crowd can’t expect much sympathy. The relationship with the tech industry has gone south ever since former NSA contractor Edward Snowden revealed the extent of the government’s surreptitious collection of private data from online services operated by the likes of Microsoft and Google without search warrants or subpoenas.
Microsoft General Counsel Brad Smith reflected the distrust of his peers when he wrote on the first anniversary of the Snowden revelations that the government needs to repair the “technology trust deficit it has created.”
So it was all the more grotesque when, in the immediate aftermath of the attacks, former CIA Director James Woolsey asserted that Snowden had blood on his hands for the dead in Paris.
That fit with so much of the commentary out of Washington about the tech industry’s supposed patriotic responsibility. Here’s a chance for Silicon Valley to hold true to its promise and foil a cynical exploitation of the latest tragedy with the facts.