What Senators Ignore When They Threaten Encryption
If anyone’s wondered where the Senate Judiciary Committee stands on the question of encryption, yesterday’s hearing on the subject left no room for ambiguity: The committee members have little tolerance for it, and they threatened to pass legislation mandating workarounds.
“It ain’t complicated for me. You’re going to find a way to do this or we’re going to do it for you,” Senator Lindsey Graham (R-S.C.), chair of the committee, told representatives from Facebook and Apple in attendance (apparently reversing a change of heart he had in 2016). “You’re either the solution or you’re the problem.”
The debate: whether tech companies should be allowed to deploy strong, end-to-end encryption across their products.
The case for it: The feature protects people’s data and communications from being intercepted or otherwise obtained. Any loophole in the system could be exploited by hackers, spies, and repressive political regimes.
The case against it: Encryption creates a potential sanctuary for criminals and terrorists to hide incriminating evidence about their nefarious activities. Law enforcement needs access to decrypted data for its investigations.
For this latest iteration of the so-called Crypto Wars, the Justice Department has been refining its arguments. A few years ago, the Federal Bureau of Investigation emphasized the threat of terrorism as the agency battled to force Apple to unlock the iPhone of a mass shooter in San Bernardino, Calif. Now the Feds appear to be zeroing in on the dangers of child exploitation and sex trafficking enabled by encryption.
In an October letter, Attorney General William Barr and his British and Australian counterparts asked Facebook CEO Mark Zuckerberg to halt the rollout of encryption across its apps. The heads of Facebook’s WhatsApp and Messenger divisions replied this week saying they would not delay encryption’s adoption. Adding so-called encryption backdoors, they said, would make people’s private messages “less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.”
Tech companies might not have a choice. The message from Capitol Hill was clear: Figure out how to meet our demands, or prepare to face legislation.
My take: If Washington rams through anti-encryption policy, American businesses will find themselves at an economic disadvantage. Consumers will consider their products weaker and less trustworthy than ones with greater protections offered by competitors abroad. Although the prospect of passing anti-encryption laws appears remote despite senators’ rhetoric, the risk is real.
Thomas Rid, a Johns Hopkins professor and authority on cybersecurity matters, put it well on Twitter.
Any policy that gets passed will have enormous ramifications.
Robert Hackett
Twitter: @rhhackett
Email: robert.hackett@fortune.com