The encryption conundrum: Should tech compromise or double down?
Just wait for FBI versus Apple: The Revenge
Versus16 Silicon Valley should work with the US government in Washington to arrive at a solution that gives law enforcement access to encrypted comms, but that respects individual privacy.
That's according to former White House counterterrorism and cybersecurity official Daniel Rosenthal, who was debating where the issue of encryption should go next.
Nonsense, responded Cindy Cohn of the Electronic Frontier Foundation (EFF), on stage at the Versus conference in San Francisco. If the tech sector offers some form of compromise now, the government will only come asking for more later.
In the week since Donald Trump was elected president, tech companies have reported a 25 per cent spike in people encrypting their communications.
The reason why is not hard to discern: on the campaign trail the Republican nominee repeatedly stated that he would be prepared to use the full power of the federal government to carry out his policy goals, which includes the forced deportation of millions of people, the surveillance of millions of others, and the pursuit of terrorism above all else.
What's more, Trump weighed in on the biggest showdown in the past decade between law enforcement and the tech industry, telling crowds that they should boycott Apple over its refusal to bypass its own security and grant the FBI access to a locked phone that belonged to San Bernardino shooter Syed Farook.
Both Rosenthal and Cohn acknowledged that the likelihood of the executive branch of the US government pushing for a backdoor into encryption was "significantly greater" under the Trump Administration.
Although both offered some consolation: Rosenthal said there still remained forces within the executive branch that would argue for the value of strong encryption and the importance of privacy; Cohn promises that the EFF will continue to fight – as it has for decades – to prevent government overreach.
But while both agreed in general, Rosenthal and Cohn represented two very different viewpoints, themselves reflecting two very different attitudes on the East and West Coasts of the United States.
Both agreed that the bill put forward by Senators Dianne Feinstein and Richard Burr in April was a horrible piece of legislation (it eventually died, but not without significant effort being made to kill it).
Rosenthal warned, however, that if the tech industry rules out working on ways to open up access to encrypted data, it may find itself left out the conversation when the "inevitable" next terrorist attack hits the United States and the government reacts to it with new laws.
Cohn stuck with well-worn arguments about the mathematics of encryption: weakened encryption is weak for everyone, and a backdoor is a backdoor as much for bad actors as for law enforcement.
She also warned that if the US government pushes a law to undermine encryption, it sends a signal to the rest of the world's governments, and makes it impossible for tech companies to stand up to other, inevitable demands from across the world.
This is not the first time this debate has played out – for months this year the back-and-forth over encryption turned into fixed positions.
Rosenthal fell back on flattering the West Coast as being "much smarter" and urging tech companies to figure out a way to make breakable encryption possible. In response, Cohn offered the logic of math and argued that everyone has access to prime numbers. She shook her head at the Washington, DC policy process of finding a middle ground between opposing sides: there is no middle ground on encryption – it works or it doesn't.
Fortunately, neither fed into the familiar insults traded between the coasts – but they did reference them: Silicon Valley doesn't care about terrorism; Washington, DC doesn't care about its citizens' privacy.
Rosenthal thinks that Apple should feel an obligation to be a "good citizen"; Cohn notes that law enforcement agencies should be obliged to follow the law and run all requests for information through the legal process – "because companies are not always in the best position to evaluate requests or know if the system is being misused."
In short, despite the best efforts of two very knowledgeable individuals actively looking to find some common ground, nothing new was uncovered.
It's also notable that neither Cohn nor Rosenthal currently possess government or tech industry roles. It is, of course, possible that there are lots of positive conversations going on behind closed doors between DC and Silicon Valley. But it seems unlikely.
What seems even more unlikely is that the conversation will start with the arrival of the Trump Administration. Trump's stated policies are in many ways antithetical to both the politics and the finances of Silicon Valley.
When that inevitable next terrorist attack does come, we can expect to see the Apple versus FBI argument return – but this time with much greater odds and carried out in much louder voices. Just as with the election itself, there is increasingly less room for compromise. One side will win, and one side will lose.
Where will it fall? It will come down to Trump and whether he can persuade Congress to enact a new law. The Obama Administration was split on the issue and the President very publicly sat on the fence. That is far less likely to happen with the President-elect.
If there is a large terrorist attack, as Rosenthal noted, the people's concerns about privacy will fall away if they are offered a firm hand and a clearly stated solution.
And while Tim Cook has taken a principled stance on privacy and encryption, and Google and Facebook and many other tech companies have said they support that view – no one has ever said they will ignore the law of the land. ®
Sponsored: Becoming a Pragmatic Security Leader