A Senate Judiciary Committee hearing on Wednesday is set to put a spotlight on the fine line tech companies must walk between keeping users' data private and making it available to the government in matters of national security.
Edward Snowden's revelations about the National Security Agency's surveillance programs, coupled with a deluge of data breaches, led to an outcry for better privacy and security measures. Tech companies listened, and have been beefing up security features in consumer products. In May, Apple, Facebook, Google, and others sent a letter to President Obama urging him to shoot down proposals that would force them to enfeeble the security of their products to help law enforcement access encrypted data more easily.
On the other side of the debate, FBI director James Comey has waged a campaign against encryption, stating that if his agency cannot intercept internet communications, it will not be able to save citizens from terror attacks. During a speech, Comey said, "encryption threatens to lead all of us to a very dark place."
Earlier this week, L. Gordon Crovitz, a former publisher of the The Wall Street Journal, echoed Comey's concerns in an op-ed in the WSJ entitled, "Why Terrorists Love Silicon Valley." The column contends that tech companies have made consumer products too secure with end-to-end encryption. Crovitz says when the FBI asked tech companies to find a way to balance privacy encryption and court-ordered legal searches, the technologists said it was impossible.
"Terror attacks are increasingly planned online, outside the reach of intelligence and law enforcement," Crovitz writes. "Once a recruit is identified, ISIS tells him to switch to an encrypted smartphone. Legal wiretaps are useless because the signal is indecipherable. Even when the devices are lawfully seized through court orders, intelligence and law-enforcement agencies are unable to retrieve data from them."
Not only is this kind of language irresponsible, linking encryption to terrorism, Crovitz's fearmongering article seems to hold up Comey's campaign against encryption as the unvarnished truth. Data encryption will not result in the U.S. getting attacked. Compelling tech businesses to tear down basic privacy measures in the service of fighting terrorism is a move back to a surveillance state.
Post-9/11 fear led to a decade of mass surveillance. Considering how little was accomplished, it's clear that relying on access to data and monitoring electronic communications is not the only way to prevent terrorist plots. Cyberattacks have started to cross over into the physical world--because smartphones, appliances, and our country's infrastructure are all connected to the internet, our nation's security actually depends on encryption.
Meanwhile, encryption appears to have done little to foil law enforcement's use of wire and electronic surveillance to bring down terrorists. According to the United States Courts' Wiretap Report 2014, instances of encrypted devices interfering with wiretaps decreased nearly by half from 2013 to 2014. Moreover, the report also found that last year the vast majority of wiretaps were granted for investigations into drug deals, not potential terrorist plots.
The FBI's claim of being crippled if tech companies don't allow them to monitor electronic communications is a stretch, says David Gorodyansky, co-founder of virtual private network provider AnchorFree. "It would presume the FBI was completely useless before the internet was created," he says.
AnchorFree helps its 350 million users surf the Web anonymously to prevent hackers from stealing their identity, advertising firms from selling their search history, and governments from censoring online activity. By default, the company does not collect any data on its users. When law enforcement agencies serve AnchorFree with subpoenas, it complies but has little information to share.
Gorodyansky says greater dialogue between businesses, consumers, and government agencies can help to achieve a balance between privacy and public safety. He says if he were to be involved in these conversations, he would propose a system where every internet user has a default right to privacy and encryption. But that right can be lost if a user sets off a trigger like visiting a terrorist website, talking about or searching ways to make bombs, or other actions of that nature.
He estimates that only 1 percent of people use the internet for criminal purposes. So why should everyone else be subject to invasions of privacy? To illustrate his point, he mentions a friend of his who traveled to North Korea, where he noticed that none of the homes had curtains or blinds in the windows. When he asked why, his guide told him that if you cover your windows you have something to hide.
"In North Korea, you have to keep your windows wide open so people can look inside," Gorodyansky says. "Is that the society we want to create here?"