As the senior counterterrorism official in the U.S. government for nine years, I felt the personal burden of responsibility for preventing terrorist attacks, so I understand Federal Bureau of Investigation Director Jim Comey's desire to collect every possible bit of data. As a nation, however, we have decided that there should be limits to what the government can do to stop terrorism, counter illegal narcotics and fight crime. The case of the iPhone that belonged to Syed Rizwan Farook, one of the San Bernardino shooters, is best seen as an attempt by the FBI to redefine those limits.
In the 1990s, the government proposed a law that would have required encryption software to have a "Clipper Chip," a backdoor by which the government could decrypt software. Congress did not approve, and President Bill Clinton withdrew the proposal. That established limits: encrypted software could exist that the government, even with a court order, could not decrypt. Such software is now legally sold in America and elsewhere around the world. Comey wants to make it illegal.
Comey asked the Obama administration to support legislation requiring a backdoor in encryption and it rejected the idea. Undaunted, the FBI has been looking for a way to establish legal precedents in this area. That is what this case of the iPhone is really all about -- trying to recast the legal landscape to compel U.S. companies to weaken their data security.
The iPhone is really about trying to recast the legal landscape to compel U.S. companies to weaken their data security.
The San Bernardino terrorist attack provided the FBI with an opportunity for a new legal precedent. It was a particularly heinous crime, inspired by the so-called Islamic State and widely covered by the media. Although the terrorists had tried to destroy their mobile phones, one remained, and it was owned by Farook's employer.
Thus, using a 1789 law as justification, the FBI attempted to compel the device manufacturer, Apple, to write new computer code to make it easier to unlock the phone. Apple, rightly, refused to create new software for the purpose of weakening the security of one of its products. The legal questions raised by this case include whether the 1789 law provides a basis for the government to compel people to write computer code against their will.
Beyond that, however, is the larger issue of whether the government can order companies to weaken data security in general and, more specifically, whether there can continue to exist in the U.S. encryption to which the government cannot obtain access through the courts.
Although most Americans use encryption regularly, many may not know that or understand its importance. When you use an ATM, swipe a credit card, do online banking, buy a book from a website or access your stock investment account, you're using encryption. The financial services sector depends on encryption, and so do the insurance and health care industries.
Because the government has proven largely useless in stopping the pandemic of cybercrime and cyber-espionage, companies have been forced to rely increasingly on data encryption to prevent its theft by the Chinese government and foreign criminal gangs. Yet, the government, or at least the FBI, wants to establish precedents that would weaken data security and create laws that would make unbreakable encryption an illegal substance, like cocaine.
To justify changing what has been our public policy to date on these issues, the FBI paints a picture of a world "going dark," in which they can no longer see or follow terrorists.
The government wants to create laws that would make unbreakable encryption an illegal substance, like cocaine.
Actually, as was well explained by a recent Harvard Kennedy School study, there has never before been so much data available to law enforcement. Numerous former heads of U.S. intelligence and security agencies have sided with Apple and not the FBI, arguing that on balance, the need for rock-solid encryption outweighs the pleas of law enforcement for yet more data. Designing data security and encryption so that the government can get in creates opportunities for others, like the Chinese and cyber criminals, according to the leading scientists and engineers in this field.
Moreover, whatever the U.S. courts and Congress may do, making good encryption illegal will just not work. It will always be possible to buy encryption overseas that has no back doors installed by the U.S. government. What criminal would use faulty encryption the U.S. government could read when they could buy foolproof code elsewhere?
I sympathize with Comey's desire to have access to everything, in order to prevent crimes. But compelling U.S. companies to weaken their data security will ultimately make cybercrime even worse, and it will strengthen the ability of hostile nations to undermine both our economy and our national security. Seen in proper perspective, those are the larger and more important concerns than adding to the wealth of data the government can already acquire.
Earlier on WorldPost: