Should America’s law enforcement and the intelligence agencies have the ability to read other people’s mail or listen in on their phone calls? Or, more to the point, since we live in a nation where the rule of law and constitutional liberties allegedly prevail, do they have any legal right to do so given the Fourth Amendment of the U.S. Constitution’s ban on searches without judicial sanction derived from probable cause and, if so, under what circumstances?
The question of whether they can do it technically, and whether they should be given either blanket or conditional authority to obtain such information in connection with ongoing investigations inevitably raises yet another question—do they actually need to have the capability and access to protect the country, or is it only another weapon that they would like to have in their arsenal just to have it available?
The Obama administration is currently confronting a number of information technology companies over their plans to develop and commercially market end-to-end encryption technologies to create client communications systems and eventually databases that cannot be routinely accessed by the government using what is referred to as a backdoor or key. Indeed, such encryption systems cannot normally be accessed by anyone at all but the users. Google and Apple have already announced that encryption will be an integral part of their upcoming products and services in an effort to guarantee client confidentiality.
To be sure, the action by the Internet and telecommunications giants is not motivated either by noblesse oblige or by any actual desire to protect customers from the government. The Edward Snowden revelations about U.S. government spying have made many potential foreign clients in Asia and Europe wary about purchasing systems or products from U.S. based companies that they know will allow access to the National Security Agency (NSA) and other American spy agencies. Concerns have been expressed that U.S. technology companies are unable to protect their clients’ data.
If the NSA spying had truly been limited to international terrorism cases in which a warrant was duly obtained, Washington might well have been given a pass on its behavior, but it is now clear that much of the snooping was both warrantless and speculative, having little or nothing to do with terrorists. The Washington law enforcement and intelligence community have been unable to cite a single credible counterterrorism case reliant on NSA spying that could not have been developed by other means.
As a consequence of the Snowden reports, several countries in Europe and Asia are considering legislation that would effectively nationalize the Internet, requiring data from all communications initiated or received by local residents to be stored in retrievable databases within the national borders. If such legislation gains momentum it would effectively destroy the internet as a transnational information resource and it could stimulate the rise of national telecommunications companies at the expense of the American firms the currently dominate the industry.
America’s telecommunications and internet giants operate globally, so the stakes are high, potentially tens or even hundreds of billions of dollars in sales and tens of thousands of U.S. jobs. There is every indication that Apple and Google, likely to be joined by Microsoft and Facebook, will not readily submit to any White House mandates.
The administration’s response has been to touch all the available hot buttons. From the law enforcement side, FBI Director James Comey claims that encrypted communications will allow “people to place themselves beyond the law” while the chief of detectives in Chicago has opined that “Apple will become the phone of choice for the pedophile.” District of Columbia Chief Cathy Lanier claims Smartphones are “going to be the preferred method of the pedophile and the criminal” while former FBI Counsel Andrew Weissman also piled on the scrum claiming that “They have created a system that is a free-for-all for criminals.” Weissman then suggested new laws to stop the practice, a proposal jumped on in a Washington Post editorial recommending the development of a mandatory “secure golden key” for law enforcement. But it was up to attorney General Eric Holder to ice the cake: “When a child is in danger, law enforcement needs to be able to take every legally available step…it is worrisome to see companies thwarting our ability to do so.”
It is just possible that the advocates of readily available government intrusion are sincere in their protests, but the facts regarding the straw men that they raise suggest something quite different. There were only nine reported cases of encrypted phones interfering with official investigations in 2013 and in all nine cases the investigation proceeded anyway using other means to include old fashioned meticulous on-the-street police work.
To be sure, many new technologies can be exploited for criminal activity but the Jeremiahs are most often wrong when they assume that the sky is falling. The automobile was once seen as a boon for bank robbers. Commercial encryption systems have long been on the market, but it is not exactly a business that has broken through to the individual consumer. Most encryption is currently done by the financial services industry, as well as by the government at federal, state, and local levels. If criminals had wanted to hide their phone calls, they would have been able to do so already.
The other issue that is being raised privately in government meetings is the intelligence stake in the controversy. To be sure, the agencies that operate overseas—primarily the NSA, Central Intelligence Agency (CIA), and military intelligence—work in a largely self-defined environment where rules and laws applicable in the United States are to a certain extent irrelevant. The NSA, which can break sophisticated foreign government encryption, can undoubtedly figure out how to defeat the systems being used by Apple and Google or by any other commercially developed security provider. Apple phones must, after all, communicate, requiring some measure of transparency and a comprehensible product at both ends of the chain which can be attacked.
The CIA and America’s military spies likewise tend to run technical operations overseas at source, meaning that their intelligence collection uses hidden microphones and similar devices where the communication is being produced or received, defeating encryption.
Terrorist groups in the 1990s and afterwards, when the so-called crypto wars began, did indeed use encryption systems, but they were broken by various governments, most notably the U.S., Britain, and Russia. They now rely on couriers and over-the-counter phones that are used once and discarded to communicate. Osama bin Laden’s couriers did indeed rely on cell phones but only when they were miles away from his place of refuge. Calls were placed to cutout numbers that were changed regularly and the instruments themselves were destroyed after use.
So the potential impact of phone encryption on the pursuit of genuine terrorism cases will be minimal, but to return to the initial questions, the answers would appear to be fairly straightforward. The United States certainly has the technical ability to penetrate encryption systems if given enough incentive to do so even if it does not have a key to make such access effortless. Whether it has a legal or constitutional right to invade privacy without a legal process as it did in the NSA spying, the answer ought to be “no.” With a warrant based on probable cause, the answer would have to be “yes” though with caveats to make such investigations specific and narrowly focused on actual presumption of criminal behavior. In defense of customer privacy, there is currently no legal reason why a company cannot structure itself in a way to make it unable to provide information sought after by the government, as Apple is doing. That should continue to be the case, barring any legislative action by Congress which, unfortunately, might well be emulated by other countries, resulting in grave damage to global communications.
Finally, is there any evidence to suggest that being able to defeat phone encryption, or conversely, being unable to do so, has hampered either law enforcement or intelligence operations directed against genuine terrorists or criminals? The answer is clearly “no” and perhaps that is the way the encryption issue should be addressed. If encryption does not do demonstrably grave damage to either law enforcement equities or national security, it should only be seen as a boon to the individual American who can henceforth expect that his privacy will be respected.
Philip Giraldi, a former CIA officer, is executive director of the Council for the National Interest.