The dispute between Apple and the FBI over iPhone encryption has the ring of a uniquely twenty-first-century dilemma—unthinkable outside science fiction just a few years ago. Who could have anticipated that most Americans would carry tiny computers in their pockets containing their most sensitive data and intimate secrets? We’re fumbling around in the dark for answers to questions that had never occurred to us to ask. As The Economist wrote last month, “The law is murky when it comes to privacy issues in the digital domain, and [Apple] is hoping to play a role in helping decide how laws should apply in this new era.” We’ve arrived at some new frontier, it seems, untested terrain from which utterly new difficulties arise. As PC Mag editor-in-chief Dan Costa put it, “This is a big new problem, and it requires a new debate.”
For the most part, though, this newness is an illusion. The question at the center of the Apple-FBI dispute—“who should have access to strong encryption?”—is decades old. Since at least the 1970s, when academic cryptographers at Stanford and MIT first broke the government’s monopoly on advanced cryptographic knowledge, government agencies (especially the NSA) have tried to prevent its proliferation, by any means necessary. For years, the NSA suppressed funding and preempted the publishing of cryptographic research outside its walls. For most of the twentieth century, export laws treated cryptographic algorithms as munitions—subjecting software engineers to arms export violations if their code crossed an international border. Throughout the 1990s, pioneering crypto enthusiasts like Phil Zimmerman, the inventor of the email encryption program PGP (Pretty Good Privacy), were investigated for federal crimes. In 1991, then Senator Joe Biden tried to sneak a provision into a comprehensive counterterrorism bill that would have required telecommunications companies to provide the law enforcement with “plain text” contents of “voice, data, and other communications,” effectively outlawing end-to-end encrypted communication in the private sector. The provision failed, but similar efforts have cropped up since.
The government’s position then, as it is today, was that companies should not be able to sell encryption that law enforcement can’t crack—because bad guys will use it. And they do. As in the case of the San Bernardino suspects, encryption can make it difficult for police to access digital devices, intercept text messages, and tap phone lines—even with a court order. On the other side, academics, tech companies, and civil libertarians have long insisted that publicly available, strong crypto is necessary to protect our data from nefarious attacks and protect our privacy from government intrusion. And as the world’s best cryptographers and security experts have repeatedly demonstrated, it’s not technically feasible to create a backdoor in a cryptosystem that only the government can exploit.
Though the government ceded much ground to the private sector with the rise of the Internet, the “crypto wars” of the 1990s have never really ceased. Every few years, law enforcement officials declare that the further proliferation of encryption technology jeopardizes their ability to catch criminals and execute warrants, that as more and more bad guys encrypt their devices and communicate using encrypted channels, the intelligence community and police are in increasing danger of “going dark.” The story is always the same. We’re at a precipice, a turning point. If Congress doesn’t act, or tech companies don’t submit, American lives will be endangered. Blood on our hands and so on. You can practically set your clock to it.
To demonstrate, let’s play a game. Consider the following three statements by FBI officials:
- “When changes in technology hinder law enforcement’s ability to exercise investigative tools and follow critical leads, we may not be able to root out the child predators hiding in the shadows of the Internet, or find and arrest violent criminals who are targeting our neighborhoods.”
- “In the ever-changing world of modern communications technologies, however, the FBI and other government agencies are facing a potentially widening gap between our legal authority to intercept electronic communications pursuant to court order and our practical ability to actually intercept those communications. We confront, with increasing frequency, service providers who do not fully comply with court orders in a timely and efficient manner.”
- “Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity. We will lose one of the few remaining vulnerabilities of the worst criminals and terrorists upon which law enforcement depends to successfully investigate and often prevent the worst crimes.”
You could be forgiven for assuming that every one of these ominous warnings was uttered in the past few months. But in fact, only the first—from FBI Director James Comey in March of this year—refers to the present debate.
The second statement is from then-FBI General Counsel Valerie Caproni in February 2011.
The third is former FBI Director Louis Freeh, speaking to the House Judiciary Committee in July 1997.
“Going dark” is the talking point that will not die. Every few years, it returns, zombie-like, to forebode an imminent wave of untraceable crime, to shame Congress for its inaction in the face of horrendous criminal acts. Fear, the FBI knows as well as anyone, is good politics. “A whole lot of people are going to look at us with tears in their eyes,” Comey told a House Committee in 2014, “they’ll say ‘what do you mean you cannot? My daughter is missing, you have her phone, what do you mean you cannot tell me who she was texting with before she disappeared?’” It’s powerful stuff. But it’s an old script.
James Kallstrom, a longtime New York FBI official, used the same playbook in the 1990s, when the intelligence community was pushing an encryption backdoor called the “clipper chip.” According to Steven Levy, journalist and author of Crypto, Kallstrom would sit across the table from the Clinton officials he was briefing, look in their eyes and ask, “Are you married? Do you have a child?” When they replied, he’d lay out a nightmare scenario. Kidnappers in the Bronx—always the Bronx—had locked their children or spouses behind an impenetrable steel door. “None of the welding torches, none of the boomerangs, nothing we have is gonna blast our way in there,” he’d say, staring them down. Kallstrom’s implication: encryption is the digital equivalent of that door. Don’t you want the good guys to have a key?
Encryption makes it harder for law enforcement to do parts of its job. This fact is more or less beyond dispute. But whether or not something inconveniences the police is not the standard by which we judge its lawfulness. Anyone who’s ever watched a hard-nosed detective drama knows it’s easier to bust down the perp’s door on the spot than to get a warrant. Stop and frisk would be unconstitutional even if it did severely reduce gun crime. As my colleague Barton Gellman is fond of saying, “inefficiency in law enforcement is a feature, not a bug.”
Further, it’s simply not the case that the FBI or local police’s sources of intelligence are dwindling. As a Harvard Berkman Center study conducted with input from intelligence community officials concluded in 2015: market forces, commercial interests, and technological developments—especially the growth of networked sensors and the Internet of things—all “point to a future abundant in unencrypted data, some of which can fill gaps left by… [those] channels law enforcement fears will ‘go dark.’” The study was appropriated titled “Don’t Panic.”
As was true in 1991, 1997, and 2011, the FBI is not going dark anytime soon.
However, the way we talk about the current iteration of the debate has serious consequences. The illusion of novelty serves the interests of those who desire a novel solution. That is, if the public can be convinced that the questions raised by the Apple-FBI scenario are truly new—that they herald an unprecedented era of compromised law enforcement—we will be more likely to support a wave of new laws to undermine strong encryption. If this is indeed a new frontier, we must settle it by force.
On the other hand, if we understand that this debate has a long and involved history, that we have decades of resources to draw upon in making informed decisions—that this frontier is far less uncharted than it may at first seem—we might come to more sober and clear-eyed solutions that safeguard the security of our data and respect our basic rights.