FBI Director James Comey has heated up the encryption debate with his recent appearances on Sixty Minutes and at the Brookings Institution. Comey has sharply criticized Apple and Google for the companies’ announcements that they would enable strong encryption on their phones. In contrast to prior practice, the companies would no longer keep a key to gain access to the encrypted content. I applaud the companies’ announcements, which among other virtues will strengthen cybersecurity.
On November 17th, I have been invited to debate this issue at the New America Foundation, from 4:00 to 5:30 p.m., with webcast planned. Nancy Libin, formerly of both the Center for Democracy and Technology and the U.S. Department of Justice, will be the moderator. The opposing perspective will be offered by Andrew Weissmann, who until 2013 was General Counsel at the FBI. I believe this will be the highest-profile live debate on the issue since Comey began his statements.
To remind us of the issues at stake, this post highlights four items I have previously worked on about encryption and global communications policy, the first three of which were supported by the Future of Privacy Forum’s project on government access to data in 2011-2013.
First, and perhaps most readably, is “Going Dark vs. the Golden Age of Surveillance.” (2011). This piece challenges the FBI’s claims that it is “going dark” due to encryption and other changes in communications technology. Instead, Kenesa Ahmad and I argue that a better image would be that we are in “a golden age of surveillance.” Compared with earlier periods, surveillance capabilities have greatly expanded. Government agencies have unprecedented access to location information now that we all carry cellphones. Information about contacts, confederates, and conspirators has massively expanded, as all of our texts, emails, and social network postings are saved by communications carriers. In addition, there are myriad new databases that create digital dossiers about our lives. In short, if government agencies were offered the choice of current capabilities or pre-Internet capabilities, they would overwhelmingly prefer their surveillance abilities today. This piece was written before the Snowden leaks, so the idea of law enforcement and intelligence agencies “going dark” is even less plausible today.
Second, this going dark discussion was part of a larger research project on “Encryption and Globalization” (2012). This lengthy article provides background on a variety of encryption issues, including developments in India and China. One claim of the article is that strong encryption is even more vital in today’s globalized world than during the crypto wars of the 1990’s. A second claim concerns what we call “the least trusted country problem.” If there are backdoors or limits on effective encryption, then the security of global communications is only as strong as the security in the least trusted country. Other countries will demand the same backdoors available to the U.S. government. When the FBI or other agencies argue for weak security, we should consider the effects of surveillance by these other countries, many of whom lack the legal safeguards in the United States.
Third is my 2012 article “From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud.” This paper, as the title suggests, explains how changing technology is pushing government agencies to go to cloud providers for law enforcement and intelligence purposes. Relevant to the Comey debate, and as explained in detail by Chris Soghoian, cloud providers hold an enormous wealth of potential evidence. Even if police have difficulty getting into a smartphone, the relevant evidence very often is available from the cloud provider.
Fourth is the discussion of encryption in the report of President Obama’s Review Group on Intelligence and Communications Technology, for which I was one of five members. The report in general, and our Recommendation 29 in particular, emphasizes why U.S. government policy should strongly encourage the use of effective encryption.
Andrew Weissmann, in addition to his role at the FBI, is an experienced litigator and former chief of the Enron Task Force. He is a Senior Fellow at the NYU School of Law and its Center for Law and Security. I look forward to a vigorous debate.
Peter Swire is Senior Fellow at the Future of Privacy Forum and the Huang Professor of Law and Ethics at Georgia Tech Scheller College of Business.