Opinion

Why the Tech Industry’s Approach to Encryption Is Right for America

By Gary Shapiro
February 11, 2020 at 5:00 am ET

There’s a reason most of us keep our phones locked. Whether through facial recognition, fingerprint or passcode, we defend our information through an extra layer of protection. Encryption software protects our fundamental right of privacy, preventing others from accessing our personal information.

But how do we balance our right to privacy with security? Sadly, we’ve faced this question before: In 2016, when the San Bernardino shooter opened fire at the Inland Regional Center; and last December, when a Saudi air force cadet training alongside U.S. troops shot and killed three Americans. In both cases, the Federal Bureau of Investigation asked Apple to open the shooter’s phone – and in the latter, the bureau’s request was echoed by Attorney General William Barr.

The phones are encrypted, which means Apple cannot access the user’s password or stored data. To access this information, Apple would instead need to build a backdoor into its phones, which would potentially allow anyone to have access to their customers’ data. Apple’s response remains the same: They refuse to put customers’ personal information at risk through backdoors, but will continue to assist law enforcement by other means.

That was the right decision then, and it’s the right decision now. Here’s why.

Building a backdoor sets a dangerous precedent for user privacy. To allow the FBI to access this one phone is to allow access to all the phones of all the Apple users across the world – including access for bad actors. Apple itself pointed this out in its response to the government’s most recent request: “There is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers.”

Beyond the FBI, any data thieves, cyber-scammers, terrorists, foreign governments or other bad actors clever enough to find the backdoor would also be able to access our phones and our most private information. Indeed, our own government – which would presumably be the custodian of any backdoor encryption key – is very bad at securing sensitive information. In 2015, the Federal Office of Personnel Management was targeted by a hacker who stole 21.5 million social security numbers and other records of people who had undergone federal government background checks. The Department of Justice itself was victimized shortly thereafter, with the private information of 30,000 FBI and DHS employees hacked and made public. Less than a year ago, hackers infiltrated several FBI-affiliated websites and made off with personal information of thousands of federal agents and law enforcement officers.

If the U.S. government were to hold a backdoor key to your phone, that key’s eventual theft would be a matter of “when,” not “if.” With an encryption bypass floating around the internet, the security of everyone using the technology – in this case, hundreds of millions of iPhones around the globe – would be instantly compromised.

Businesses and individuals purchase U.S. tech products in part because they are perceived as safe and secure. If the U.S. government were to weaken encryption, savvy customers would quickly and easily abandon American products and move to more secure foreign competitors.

More, the government’s characterization of Apple’s response as incomplete or insufficient just doesn’t match up with the facts. First, Apple shared “a wide variety” of phone data with the FBI on the date of the shooting. Over the next week and in response to follow-up FBI requests, Apple turned over more information, including iCloud backups, and they have continued to be helpful, responding to about 127,000 requests from law enforcement for the last seven years.

The government has already shown its ability to access iPhones when needed. In the aftermath of the San Bernardino shooting, security experts confirmed the FBI was ultimately able to access the iPhone’s data, negating a need for Apple to create a backdoor. Earlier, the FBI had testified to Congress that getting into the phone was impossible without Apple’s help. A DOJ investigation later concluded that the FBI “inadvertently misled” Congress regarding its ability to access the San Bernardino phone. Further, it has also been reported that in the FBI’s statements to Congress and to the public, the Bureau has “massively overestimated” the figure of phones it was unable to access due to encryption, forcing the bureau to issue a public apology.

Indeed, Jim Baker, the FBI’s general counsel during the San Bernardino phone controversy, now embraces encryption. He now says “It is time for governmental authorities – including law enforcement – to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly from China.”

The biggest problem with the encryption debate, however, is that it pits technology and national security against one another.

Representatives from law enforcement has a legitimate interest: They are seeking the information they need to stop criminals. American technology companies are good citizens who work closely with our government to keep our nation and its citizens safe.

Today’s technologies have proven helpful to law enforcement in a myriad of ways. Massive amounts of data are available to law enforcement, most of which is unencrypted and does not require a warrant. Never in human history has so much information been accessible to investigatory agencies.

In addition, through innovation we have developed predictive analytics to prevent security incidents before they occur, smarter sensors to detect explosives and other weapons and enhanced biometrics so that travelers can move through the world freely and easily – and so terrorists are recognized and stopped in their tracks.

Law enforcement has access to data that can keep us safer, but encryption remains necessary to protect our country and our most private information. By partnering with instead of attacking companies like Apple, government and industry leaders can harness American innovation and American principles to create a security system that fights terrorism and preserves the rights of U.S. citizens.

Gary Shapiro is president and CEO of the Consumer Technology Association, the U.S. trade association representing more than 2,000 consumer technology companies, and a New York Times best-selling author. His views are his own.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.

Do NOT follow this link or you will be banned from the site!