Weighing in on the Encryption and “Going Dark” Debate

Carrie Cordero
Thursday, December 4, 2014, 11:30 AM
Yesterday I took part in a panel discussion entitled “Device Encryption: Too Much Privacy for Consumers?” hosted by the Future of Privacy Forum (FPF) and the International Association of Privacy Professionals (IAPP).

Published by The Lawfare Institute
in Cooperation With
Brookings

Yesterday I took part in a panel discussion entitled “Device Encryption: Too Much Privacy for Consumers?” hosted by the Future of Privacy Forum (FPF) and the International Association of Privacy Professionals (IAPP). The discussion focused on the reinvigorated “going dark” debate, in light of recent steps by Apple and Google (and presumably, others to come) to build-in encryption to a variety of services, thereby making the companies incapable of responding to lawful court orders in criminal and national security matters. Hogan Lovells Partner and FPF Founder Christopher Wolf moderated the conversation which included Cato’s Julian Sanchez and Access’ Amie Stepanovich. This post summarizes some of my observations related to that discussion. While the going dark issue is not new, there are important differences between today’s discussion versus those of the 1990s or even 2011, when former FBI General Counsel (now federal district court judge) Valerie Caproni testified before Congress on the issue. While we know that there are significant differences between the going dark debate of the 1990s and now, given the changes in communications technology, what may not be as obvious are the differences in the policy discussion between as recent as 2011, and today. More specifically, three policy positions put forth by the FBI in 2011 likely have shifted, or are about to shift:
  • First, in 2011, the FBI was primarily concerned about technological challenges impeding real-time interception, i.e. electronic surveillance. Today, access to stored data, including data stored in mobile phones/devices, is clearly on the table.
  • Second, in 2011, the FBI General Counsel stated that changes to encryption technology were not required. Today, given the aggressive and accelerated deployment of encryption by the leading communications service providers, encryption practice and policy is necessarily up for discussion.
  • Third, in 2011, the FBI viewed its legislative authorities as sufficient. Although there is no current Administration proposal to amend the 1994 CALEA, FBI Director Comey’s stated in his remarks at Brookings in October that “we also need a regulatory or legislative fix to create a level playing field….” Accordingly, if the Executive Branch cannot come to informal working agreements with the technology industry (which seems unlikely in the current environment), we may be looking at a legislative debate sooner rather than later.
The crux of the current debate is this: if industry refuses to cooperate voluntarily, is there a societal interest in mandating by law that companies preserve the technical capability to respond to lawful court orders to prevent, investigate and prosecute crimes, and to protect against terrorism and other national security threats? The technology industry appears to be moving in the direction of building-in encryption technology for everyday consumers that may make it impossible for law enforcement authorities to access devices. As yesterday’s panel discussion revealed, concerns about national security surveillance revealed by the Snowden disclosures are driving the industry reaction. But the chief law enforcement officer wants to be able to access the devices with a court order or warrant, leaving allegations of “mass surveillance” flat. This summer, the Supreme Court held in Riley that a warrant is required for a search of a cell phone, even when the search is incident to arrest. But the Court also recognized a legitimate government need for lawful execution of search warrants. The Court said:
Our holding, of course, is not that the information on a cell phone is immune from search; it is instead that a warrant is generally required before such a search, even when a cell phone is seized incident to arrest. Our cases have historically recognized that the warrant requirement is “an important working part of our machinery of government,” not merely “an inconvenience to be somehow ‘weighed’ against the claims of police efficiency.” Riley at 26-27, citing Coolidge v. New Hampshire, 403 U.S. 443, 481 (1971).
So how will the debate proceed? Hopefully, with more facts demonstrating that the issues raised by the FBI Director present real impediments to preventing, investigating and prosecuting serious crimes and protecting the country against national security threats. It will take more than a sampling of case anecdotes to make the case. During the 1994 legislative debate over CALEA, FBI Director Freeh presented a variety of statistics and categories that were not just based on FBI anecdotal experience, but included statistics regarding the thwarting of investigations across federal law enforcement as well as state and local law enforcement. In addition, CALEA’s legislative history reveals that GAO conducted an independent review and concluded that the technological situation at the time presented real impediments to lawful investigations.

Carrie Cordero is a Senior Fellow at the Center for a New American Security. She is also an adjunct professor at Georgetown Law, where she previously served as Director of National Security Studies. She spent the first part of her career in public service, including as Counsel to the Assistant Attorney General for National Security; Senior Associate General Counsel at the Office of the Director of National Intelligence; Attorney Advisor at the Department of Justice, where she practiced before the Foreign Intelligence Surveillance Court; and Special Assistant United States Attorney.

Subscribe to Lawfare