The government has cried wolf too many times to be trusted with backdoors into our cell phones.
Should
America’s law enforcement and the intelligence agencies have the ability to
read other people’s mail or listen in on their phone calls? Or, more to the
point, since we live in a nation where the rule of law and constitutional
liberties allegedly prevail, do they have any legal right to do so given the
Fourth Amendment of the U.S. Constitution’s ban on searches without judicial
sanction derived from probable cause and, if so, under what circumstances?
The
question of whether they can do it technically, and whether they should be
given either blanket or conditional authority to obtain such information in
connection with ongoing investigations inevitably raises yet another
question—do they actually need to have the capability and access to protect the
country, or is it only another weapon that they would like to have in their
arsenal just to have it available?
The
Obama administration is currently confronting a number of information technology
companies over their plans to develop and commercially market end-to-end
encryption technologies to create client communications systems and eventually
databases that cannot be routinely accessed by the government using what is
referred to as a backdoor or key. Indeed, such encryption systems cannot
normally be accessed by anyone at all but the users. Google and Apple have
already announced that encryption will be an integral part of their upcoming
products and services in an effort to guarantee client confidentiality.
To
be sure, the action by the Internet and telecommunications giants is not
motivated either by noblesse oblige or by any actual desire to
protect customers from the government. The Edward Snowden revelations about
U.S. government spying have made many potential foreign clients in Asia and
Europe wary about purchasing systems or products from U.S. based companies that
they know will allow access to the National Security Agency (NSA) and other American
spy agencies. Concerns have been expressed that U.S. technology companies are
unable to protect their clients’ data.
If
the NSA spying had truly been limited to international terrorism cases in which
a warrant was duly obtained, Washington might well have been given a pass on
its behavior, but it is now clear that much of the snooping was both
warrantless and speculative, having little or nothing to do with terrorists.
The Washington law enforcement and intelligence community have been unable
to cite a single credible counterterrorism case reliant on NSA spying
that could not have been developed by other means.
As
a consequence of the Snowden reports, several countries in Europe and Asia areconsidering
legislation that would effectively nationalize the Internet, requiring
data from all communications initiated or received by local residents to be
stored in retrievable databases within the national borders. If such
legislation gains momentum it would effectively destroy
the internet as a transnational information resource and it could
stimulate the rise of national telecommunications companies at the expense of
the American firms the currently dominate the industry.
America’s
telecommunications and internet giants operate globally, so the stakes are
high, potentially tens or even hundreds of billions of dollars in sales and
tens of thousands of U.S. jobs. There is every indication that Apple and
Google, likely to be joined by Microsoft and Facebook, will not readily submit
to any White House mandates.
The
administration’s response has been to touch all the available hot buttons. From
the law enforcement side, FBI Director James Comey claims that
encrypted communications will allow “people to place themselves beyond the law”
while the chief of detectives in Chicago has
opined that “Apple will become the phone of choice for the pedophile.”
District of Columbia Chief Cathy Lanier claims Smartphones are “going to be the
preferred method of the pedophile and the criminal” while former FBI Counsel
Andrew Weissman also piled on the scrum claiming that “They have created a
system that is a free-for-all for criminals.” Weissman then suggested new laws
to stop the practice, a proposal jumped on in aWashington Post editorial recommending
the development of a mandatory “secure golden key” for law enforcement. But it
was up to attorney General Eric Holder toice
the cake: “When a child is in danger, law enforcement needs to be able to
take every legally available step…it is worrisome to see companies thwarting
our ability to do so.”
It
is just possible that the advocates of readily available government intrusion
are sincere in their protests, but the facts regarding the straw men that they
raise suggest something quite different. There were only nine
reported cases of encrypted phones interfering with official
investigations in 2013 and in all nine cases the investigation proceeded anyway
using other means to include old fashioned meticulous on-the-street police
work.
To
be sure, many new technologies can be exploited for criminal activity but the
Jeremiahs are most often wrong when they assume that the sky is falling. The
automobile was
once seen as a boon for bank robbers. Commercial encryption systems
have long been on the market, but it is not exactly a business that has broken
through to the individual consumer. Most encryption is currently done by the
financial services industry, as well as by the government at federal, state,
and local levels. If criminals had wanted to hide their phone calls, they would
have been able to do so already.
The
other issue that is being raised privately in government meetings is the intelligence
stake in the controversy. To be sure, the agencies that operate
overseas—primarily the NSA, Central Intelligence Agency (CIA), and military
intelligence—work in a largely self-defined environment where rules and laws
applicable in the United States are to a certain extent irrelevant. The NSA,
which can break sophisticated foreign government encryption, can undoubtedly
figure out how to defeat the systems being used by Apple and Google or by any
other commercially developed security provider. Apple phones must, after all,
communicate, requiring some measure of transparency and a comprehensible
product at both ends of the chain which can be attacked.
The
CIA and America’s military spies likewise tend to run technical operations
overseas at source, meaning that their intelligence collection uses hidden
microphones and similar devices where the communication is being produced or
received, defeating encryption.
Terrorist
groups in the 1990s and afterwards, when the so-called crypto wars began, did
indeed use encryption systems, but they were broken by various governments,
most notably the U.S., Britain, and Russia. They now rely on couriers and
over-the-counter phones that are used once and discarded to communicate. Osama
bin Laden’s couriers did indeed rely on cell phones but only when they were
miles away from his place of refuge. Calls were placed to cutout numbers that
were changed regularly and the instruments themselves were destroyed after use.
So
the potential impact of phone encryption on the pursuit of genuine terrorism
cases will be minimal, but to return to the initial questions, the answers
would appear to be fairly straightforward. The United States certainly has the
technical ability to penetrate encryption systems if given enough incentive to do
so even if it does not have a key to make such access effortless. Whether it
has a legal or constitutional right to invade privacy without a legal process
as it did in the NSA spying, the answer ought to be “no.” With a warrant based
on probable cause, the answer would have to be “yes” though with caveats to
make such investigations specific and narrowly focused on actual presumption of
criminal behavior. In defense of customer privacy, there is currently no legal
reason why a company cannot structure itself in a way to make it unable to
provide information sought after by the government, as Apple is doing. That
should continue to be the case, barring any legislative action by Congress
which, unfortunately, might well be emulated by other countries, resulting in
grave damage to global communications.
Finally,
is there any evidence to suggest that being able to defeat phone encryption, or
conversely, being unable to do so, has hampered either law enforcement or
intelligence operations directed against genuine terrorists or criminals? The
answer is clearly “no” and perhaps that is the way the encryption issue should
be addressed. If encryption does not do demonstrably grave damage to either law
enforcement equities or national security, it should only be seen as a boon to
the individual American who can henceforth expect that his privacy will be
respected.
Philip
Giraldi, a former CIA officer, is executive director of the Council for the
National Interest.