For those itching for an Apple-FBI confrontation, the two squared off Tuesday before the Subcommittee on Oversight and Investigation of the House Committee on Energy and Commerce. Well, sort of.
Apple General Counsel Bruce Sewell did testify before the committee that “100 percent of our users would be made more vulnerable if we were forced to build a back door” while FBI Executive Assistant Director of the Technology and Technology Branch Amy Hess did contend that “increasingly, some technologies are prohibiting law enforcement” from accessing “critical evidence.”
But the exchanges by all accounts hardly constituted a contentious free for all. What resulted, instead, was what Information Technology Industry Council (ITIC) Senior Vice President for Government Affairs Andy Halataei called “a serious discussion is emerging between lawmakers and tech on encryption.”
Typically in Washington debates, “people go into their separate corners and repeat ‘us versus them' positions,” Halataei said in comments emailed to SCMagazine.com. But Tuesday's hearing showed that “members of Congress on both sides of the aisle are asking thoughtful questions to understand the critical role encryption plays in securing our digital world.”
He gave the hearings a nod for “also giving lawmakers a better sense of the trade-offs involved for the security and safety of Americans that would occur by placing restrictions or limitations on encryption that would do more harm than good.”
Indeed, Apple's Sewell and the FBI's Hess seemingly agreed that encryption is necessary to create a strong cybersecurity posture and pointed to efforts in both the government and private sector, such as the Open Technology Fund, to bring about robust encryption. “Encryption today is the backbone of our cybersecurity infrastructure and provides the very best defense we have against increasingly hostile attacks,” Sewell told lawmakers, noting that Apple has worked closely with law enforcement in the past and that only a fraction of the company's users are subject to their queries. “The best way we, and the technology industry, know how to protect your information is through the use of strong encryption.”
Hess echoed that support for encryption and noted the government's desire to “maximize privacy and security to the greatest extent possible.” The government, she said, is not asking to expand its surveillance authority but rather is “asking to ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress provided to us to keep America safe.”
The Justice Department has long argued that terrorists and other criminals could evade detection and capture by going dark. Indeed, New York Police Department Chief of Intelligence Thomas P. Galati told the committee that “evidence that once would have been stored in a file cabinet or a notebook is now archived in an email or a text message” but is largely outside the reach of law enforcement “not because of constraints inherent in the law, but because of limitations in accessibility imposed by technology.”
But Sewell took issue with law enforcement's “perception that encryption walls off information to them,” which he characterized as a difference in perspective that needs to be resolved. “To suggest that the American people must choose between privacy and security is to present a false choice,” he said.
RSA President Amit Yoran stressed to lawmakers that “‘Security versus privacy'” is an incredibly inaccurate, misleading and dangerous way to describe the debate our society faces over encryption.” Instead, he noted, the debate should center on balancing the needs of law enforcement with security, privacy, and economic competitiveness. “There is a continuum of options that have to be carefully weighed as we consider the thin line that connects these issues,” Yoran said, noting that while strong encryption can pose difficulties for law enforcement in accessing information that it “poses the same challenge” to foreign intelligence services, governments, terrorists and criminals.”
“Strong cryptography is a foundational building block for good cybersecurity,” he said. “We would simply cease to function as a technology-enabled society without it.”
Yoran noted the “incredibly insightful digital breadcrumb trail” that follows users of technology. “This meta-data, which is practically impossible to protect, includes information about who you are, where you are, who you are communicating or interacting with, the length, frequency, volume and duration of your communications, what applications you are using, and other troves of information,” he said. And though much of it remains outside law enforcement's reach constitutionally, they do have “an overwhelming volume of information readily available to it, creating challenges to efficiently manage and fully leverage it.”