Obama Fostering Uncertainty Over Smartphone Encryption Issue
The contentious issue over whether the U.S. government should be able to force tech companies to weaken security on their smartphones and software apps so that law enforcement agencies can access private data isn’t likely to be resolved soon. But it could be. All it would take is for President Barack Obama to make a statement supporting strong encryption on tech devices and Internet services. Obama holds himself up as a tech-savvy president, but his lack of leadership on the encryption issue has prolonged the dispute between the federal government and tech firms, tech groups and privacy advocates say. “The White House should be leading on this issue,” said Cindy Cohn, executive director of the Electronic Frontier Foundation (EFF). “President Obama is trying to be the best tech president ever. He’s got really good technical consultants, and the idea that he wouldn’t listen to them is shocking.” The tech industry is united in its call to keep encryption strong, saying that weakening software security or creating back doors for authorities to bypass privacy protections opens the door for hackers and criminals. “The math doesn’t change,” Cohn said. “The math is the problem that the FBI has, which is: They cannot build a back door that only they can use. It doesn’t matter which technical expert you bring to bear on it. … This isn’t controversial in the tech community.” The FBI has sought court orders in two criminal cases to try to compel Apple ( AAPL ) to unlock password-protected iPhones. In both cases, the FBI ultimately backed down when it found other ways to access data on the devices. One involved paying a third party to hack the phone, and the other was resolved when the phone’s owner provided the password. Encryption Petition Quickly Surpasses 100,000 Signatures Last September, EFF, Access Now, and a coalition of nonprofit and industry groups launched a public petition calling on President Obama to defend strong encryption and oppose back doors. They used the We The People API, Obama’s preferred petition tool, and quickly surpassed 100,000 signatures. Despite the White House’s pledge to respond to petitions with 100,000 signatures within 60 days, it has remained quiet and is now four months overdue in its response. But if Obama doesn’t support strong encryption for businesses and consumers, perhaps the next president will. On Wednesday, 13 U.S. tech industry groups representing companies such as Apple, Amazon.com ( AMZN ), Facebook ( FB ) and Uber Technologies urged the two presumptive major party presidential nominees to support strong commercial encryption. The encryption stance is among a list of tech industry requests made in an open letter to Democrat Hillary Clinton and Republican Donald Trump. The trade groups asked the candidates to strengthen cybersecurity and encourage other governments to do the same. The letter urged the candidates to recognize the importance of encryption as a critical security tool and to advance policies that enhance data privacy. Groups signing the letter included the Consumer Technology Association, the Business Software Alliance, the Internet Association and the Semiconductor Industry Association. The encryption issue made headlines earlier this year when the FBI secured a federal court order to force Apple to unlock a smartphone belonging to deceased San Bernardino, Calif., shooter Syed Farook. Apple fought the order, saying it would set a dangerous precedent. To help educate the public, Apple CEO Tim Cook stepped up to become the face of consumer data security. He gave high-profile media interviews and made public statements about the importance of strong encryption. Apple’s fight to protect its encryption is about securing the data on all iPhones in use from bad guys, Cook said. That means securing customers’ data, including financial and health information, confidential business documents, private communications and photos. The FBI might have retreated in the cases of the San Bernardino terrorist and a Brooklyn drug dealer, but it is likely to pursue similar cases against tech companies in the future. Unless the White House tells it not to. Meanwhile, law enforcement supporters on Capitol Hill are crafting legislation that could force tech companies to comply with all law enforcement demands for customer data. Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., have proposed the “Compliance With Court Orders Act of 2016.” As drafted, the legislation would require any individual or company to comply with any U.S. court order and hand over data to authorities, including data that is encrypted. The bill has been roundly criticized by civil liberties and digital privacy groups. No Encryption Bill Expected Until After Elections “I don’t think anything will happen in this session of Congress,” said Gary Shapiro, president of the the Consumer Technology Association. Political gridlock, especially during an election year, will ensure that no encryption bill is passed in Congress, he said. It is more likely that a court case will work its way up to the Supreme Court over the next couple of years, he said. Even if the FBI gets what it wants from the courts or Congress, the law would only be enforceable in the U.S. Foreign companies and their encrypted products would be unaffected, putting U.S. tech firms at a competitive disadvantage, Shapiro said. Public support for encryption is growing, especially in light of major data breaches at companies like Anthem ( ANTM ), eBay ( EBAY ), Home Depot ( HD ), JPMorgan Chase ( JPM ) and Target ( TGT ), as well as at government agencies, Cohn said. “We don’t live in a world where computer security is abstract and the damages and problems it causes for people are something that’s theoretical anymore,” Cohn said. “I think it strikes a lot of people as absurd that the government is engaging in trying to attack our security and undermine it and convince companies to give less of it when it should be their job to promote it.” Weakening security on mobile devices and software, says Shapiro, would destroy the confidence people have in businesses to keep their private data secure.