Congress sent a warning to tech giants on Tuesday, telling companies including Apple and Facebook that it intends to pass legislation to regulate encryption if Silicon Valley can’t reach an acceptable compromise with law enforcement agencies.
Tech companies and privacy advocates have long supported encryption, noting that the privacy and security technology protects people from hackers, crooks and authoritarian governments. Law enforcement officials, however, argue that encryption blocks criminal investigations by preventing access to suspects’ devices and to their communications on messaging apps.
This debate took center stage in 2016 when Apple fought an FBI order to help unlock a terrorist’s iPhone, arguing that providing a master key to decrypt devices would endanger all iPhone users.
At a Senate Judiciary Committee hearing on Tuesday, Apple’s manager of user privacy, Erik Neuenschwander, reiterated that point for lawmakers.
“At this time, we’ve been unable to identify any way to create a backdoor that would work only for the good guys,” Neuenschwander told senators. “In fact, our experience is the opposite. When we have weaknesses in our system, they’re exploited by nefarious entities as well.”
The argument over encryption resurfaced in October after the Justice Department called on Facebook to pause its plans for encrypting all its messaging services. In March, Facebook CEO Mark Zuckerberg announced plans for the social network to focus more on privacy for its users.
Law enforcement officials worried that encrypting messages on Facebook would cripple investigative efforts against child predators. Facebook had reported about 16.8 million cases to the US National Center for Missing and Exploited Children in 2018, and government officials said that if messages were encrypted, Facebook wouldn’t be able to provide adequate evidence for cases.
On Tuesday, Facebook sent a letter to Attorney General William Barr saying it wouldn’t weaken encryption on its WhatsApp messaging service. In Facebook’s opening statement at the hearing, Jay Sullivan, the company’s product management director for privacy and integrity, explained why.
“We oppose intentionally weakening the security of encrypted systems because doing so would undermine the privacy and security everywhere and leave them vulnerable to hackers, criminals and repressive regimes,” Sullivan said.
Sullivan also warned that if the US imposed regulations on encryption, criminals would just move to foreign platforms where they aren’t required to provide data to US law enforcement.
Despite the tech giants’ arguments for privacy and security through encryption, lawmakers at the hearing didn’t agree about the trade-offs on public safety.
“We hear your argument that this may simply push to overseas providers,” said Sen. Chris Coons, a Democrat from Delaware. “But frankly, most of us are concerned about protecting the most vulnerable Americans.”
Among the witnesses was Manhattan District Attorney Cy Vance Jr., who has argued that encryption prevented his office from accessing evidence on hundreds of phones. He noted that while his team uses lawful hacking methods, it pays “hundreds of thousands of dollars” for these tools and they’re successful only half the time.
“There are many serious cases where we can’t access the device in the time period where it is most important for us to access it,” Vance told the senators. “Without moving toward legislation, we’re not going to solve this problem.”
Several lawmakers at the hearing warned Apple’s and Facebook’s representatives that Congress would look into legislation if the companies couldn’t provide data to law enforcement agencies.
“My advice to you is to get on with it,” said Sen. Lindsey Graham, a Republican from South Carolina and the Senate Judiciary Committee chairman. “This time next year, if you haven’t found a way that you can live with it, we will impose our will on you.”
Android 10 privacy settings: Everything to know
This was a bipartisan warning. Both Democrats and Republicans argued that investigating crimes is more important than overall privacy and security on devices.
Sen. Richard Blumenthal, a Democrat from Connecticut, called out big tech’s distancing itself from legal responsibility and warned that lawmakers would soon take action.
“That will end, because the American people are losing patience,” Blumenthal said. “I hope you take that message back. That kind of immunity will be short-lived if big tech isn’t able to do better.”
Lawmakers are hoping that the tech companies will take action on their own, without requiring legislation.
“If it doesn’t happen by you, it will happen by Congress,” said Sen. Joni Ernst, a Republican from Iowa. “I think you’d rather find the solution than have Congress do it for you.”
The US isn’t the only nation considering laws around encryption. The Australian government passed the world’s first encryption law in December 2018, though Apple said on Tuesday that it hasn’t changed any of its software to comply with the law.
Apple’s Neuenschwander told senators that it would be problematic if a similar law passed in the US.
“My overall fear would be that if some of the capabilities of that legislation were imposed on any provider, that provider would have to weaken encryption, just by the nature of the technology, for all users,” he said.
There are no proposals for any legislation tied to encryption in the US, but senators at Tuesday’s hearing have warned tech giants that Congress will take action if the issue continues to trouble law enforcement agencies.
“You all have got to get your act together, or we will gladly get your act together for you,” said Sen. Marsha Blackburn, a Republican from Tennessee. “This is not going to continue.”