Only weeks ago, the Obama administration had decided that it would not pursue legislation requiring companies to build “backdoors” in their encryption allowing government access to encrypted data. However, the recent terrorist attacks in Paris may affect their stance going forward and have already influenced the debate on encryption.
Soon after the attacks occurred, many quickly blamed encryption for enabling the attack’s organizers to plan in secrecy. Despite the fact that there is no evidence (so far) that this was the case, the attacks have reinvigorated the ongoing debate over encryption, with lawmakers in both parties calling for companies to build government accessible backdoors in their products.
Republican Senator, John McCain, explicitly called for legislation requiring that companies include backdoors in their encryption. Diane Feinstein, a Democratic Senator from California, railed against “apps…that cannot be pierced even with a court order,” arguing that “Silicon Valley has to take a look at their products, because if you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents, whether it’s at a game in a stadium, in a small restaurant in Paris, take down an airliner, that’s a big problem.”
Despite the heightened emphasis on national security in the wake of the attacks, many large tech companies have reaffirmed their opposition of mandated backdoors. The Information Technology Industry Council (ITIC), that represents Apple and Google (both of whom now offer full disk encryption on their cellphone operating systems), issued a statement after the attacks, emphasizing that backdoors inherently undermine encryption’s security, creating vulnerabilities that can exploited by “bad guys” looking to steal data, adding that “Weakening security with the aim of advancing security simply does not make sense.”
The recent ITIC statement rested its argument on cyber security concerns, but it is also clear that tech companies fear that their brands will be tarnished if they do not take their customers’ privacy seriously. In a recent case in which Apple resisted a request to extract customer data for the Department of Justice, an Apple lawyer stated that complying “could threaten the trust between Apple and its customers and substantially tarnish the Apple brand.” Tim Cook, the CEO of Apple, has frequently spoken out against a government mandated backdoor, arguing that it would have “a chilling effect on our First Amendment rights and undermin[e] our country’s founding principles.”
While the Paris attacks seem to have reignited the intensity of the debate, the prospects for a legislative backdoor mandate remains uncertain.
The intelligence community, along with many in congress, will likely continue their support of a legislative mandate going forward, citing national security concerns. Although there is still no evidence that the terrorists behind the Paris attacks used encrypted communication to plan, there is also no reason to expect that other terrorists will not in the future. As the General Counsel of the Director of National Intelligence stated in a leaked email, “the legislative environment is very hostile today,” but “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.” He added that the intelligence community is “keeping our options open for such a situation.”
On the other side, cyber security experts, tech companies, and civil libertarians are unlikely to drop their opposition to mandated backdoors citing privacy, security, and constitutional concerns. Additionally, regardless of whether there is ever enough legislative support to pass such a mandate, attorneys at the Electronic Frontier Foundation have stated that they are ready to challenge the constitutionality of a backdoor mandate if one is ever passed.