The controversy over whether Apple should help federal investigators access one of the San Bernardino shooter’s iPhone is putting renewed urgency behind legislative efforts to settle the contentious issue of when tech companies should comply with government requests for help accessing their customers’ secure information.
FBI Director James Comey strongly hinted to lawmakers on Thursday that it’s time for Congress to begin a serious debate about encryption as Apple and the government battle it out in court with a California judge ruling last week that the tech giant should comply with investigators’ demands.
“Whatever the judge’s decision is in California – I’m sure it will be appealed no matter how it ends up – will be instructive for other courts,” Comey said at a House Intelligence Committee hearing. “But I do think the larger question is not going to be answered in the courts and it shouldn’t be because it’s really about who do we want to be and how do we want to govern ourselves.”
The heated atmosphere is focusing attention on the anticipated release of a bill being drafted by Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the panel’s top Democrat, that would compel companies to override encryption technology when presented with a warrant.
Since the immediate aftermath of the terror attacks in Paris, Burr and Feinstein have endorsed the idea of giving the government the power to cut through encryption technology in the pursuit of terrorism and criminal cases, dismissing complaints from tech companies concerned about their role in these investigations.
“No one’s above the law in this country; no company, no individual, no organization,” Feinstein said this week in response to Apple’s complaints about the government’s request. “All the FBI is asking them to do is cooperate and do their best to help.”
The debate in Congress reflects the considerable discord over whether the government should get special access to secure data – or whether that will only produce bigger problems down the line.
At issue is that the FBI, backed by a judge in California, wants Apple to unlock San Bernardino shooter Syed Rizwan Farook’s iPhone, in the hopes of recovering evidence related to the deadly December shooting. They need Apple to disable the security feature that wipes data after 10 unsuccessful attempts to enter a password so the shooter’s device can be opened.
Apple is pushing back against the court order to write software bypassing the iPhone’s current security by arguing that creating such a “master key” – even in the name of hunting down terrorists – would generally weaken smartphone security and be a dangerous technological creation in the real world, especially in the wrong hands.
Federal officials have tried to dispel concerns that the government would abuse their access, pointing out that the combination of the iPhone and the security technology used by the San Bernardino shooter is rare enough that it might not come up in other cases. Apple’s general counsel and Comey will both appear as witnesses before the House Judiciary Committee next week.
In the meantime, privacy advocates in Congress have taken up Apple’s protest in anticipation of a greater congressional debate.
“If you weaken encryption, bad guys can get access to all that information about you and you will be less safe,” said Sen. Ron Wyden (D-Ore.), promising to keep hammering that point as lawmakers take up legislation.
Though the details of the Burr and Feinstein bill have yet to be released, the legislation is already coming under scrutiny for potentially setting a precedent that would put the United States at a competitive disadvantage economically, while at the same time raising troubling ethical concerns.
Wyden warned that the United States can’t easily police or keep encryption products developed by non-U.S. companies off the market. Thus compromising the security of features developed by U.S. companies like Apple only hamstrings their bottom line, he argued, without really keeping encryption technology out of the hands of terrorists.
It’s “wrong again from a security standpoint, wrong from a liberty standpoint, and wrong from an economic standpoint,” Wyden said.
Privacy advocates also charge that a mandate to compromise encryption technology in America could send a signal to repressive regimes around the world, especially in Russia and China, that it’s okay to crack down on the internet, or force international companies to turn over data. Feinstein waved off such concerns as irrelevant.
“I can’t worry about what China’s going to do,” she said. “I worry about what we do, and not company should be above our law.”
Yet even some congressional leaders who are concerned about the implications for privacy believe Congress should weigh in before the courts act.
“I don’t think it should be up to one judge to decide on the encryption policy as we go forward,” House Minority Leader Nancy Pelosi (D-Calif.) said Thursday. “We have to have a short time frame so that we can get this done.”