In December 2019, the Senate Judiciary Committee convened a hearing to consider legislation facilitating law-enforcement access to encrypted devices and communications. The recent hearing was largely spurred by a March 2019 announcement from Facebook that it is developing end-to-end encryption technology for use across its multiple messaging services. As the opening announcements from Senator Diane Feinstein, D-California, indicate, the tension began with the 2015 public battle between the government and Apple over access to the encrypted iPhone of the San Bernardino shooter. Senator Feinstein introduced legislation in 2016 in response to that incident, although the legislation did not get traction. Since then, technology companies have taken a hard-line approach to government requests to refine encryption technology to allow for a government “back door.” Facebook’s March 2019 announcement reinvigorates the debate and expands its scope from physical devices to a much wider swatch of communications materials.
In response to the call for a “backdoor” or “extraordinary access” solution, Erik Neuenschwander, director of user privacy at Apple, told the committee, “We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in.” He focused on the other ways in which Apple already cooperates with law enforcement—highlighting that Apple has complied with 127,000 requests from law enforcement over the last seven years, including thousands of emergency requests.
Jay Sullivan, product management director for privacy and integrity at Facebook, focused on privacy pressures from consumers. He explained, “People are seeking other types of social experiences—places for interactions they can trust are more private, safe, and secure. In contrast to the town square, these digital conversations are more like the conversations you might have in your living room. . . .” Like Apple’s spokesperson, Sullivan emphasized that an “extraordinary access solution” is not feasible: “We can be certain that if we build a backdoor for the U.S. government, other governments, including repressive and authoritarian regimes around the world will demand access or try to gain it clandestinely. . . .”
The committee also heard testimony from New York County District Attorney Cyrus R. Vance, Jr. Since 2015, the Manhattan District Attorney’s Office has published an annual report on smartphone encryption and public safety, highlighting the evolving challenges and advocating for technological solutions. Vance emphasized that while his office had the resources to employ encryption workarounds for law-enforcement purposes, many smaller communities do not. As a result, he argued, “two versions of justice exist: one for major cities that can afford such workarounds, and a second for smaller agencies that lack the financial means.”
The Senate Judiciary Committee testimony came in the wake of pressure from both sides of the debate. After Facebook’s March 2019 announcement, the Department of Justice (DOJ), along with law-enforcement partners from the United Kingdom and Australia, published an open letter to Facebook. The letter urged Facebook not to proceed with its encryption plan “without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.” The DOJ emphasized the critical role that Facebook has historically played in tackling crime and its fear that heightened encryption would reduce the effectiveness of that work. For example, in 2018, Facebook made more than 90 percent of the 18 million reports to the National Center for Missing & Exploited Children.
On the other side of the debate, a collection of more than 100 human-rights and privacy organizations, including the American Civil Liberties Union and Human Rights Watch, similarly issued an open letter urging Facebook to continue its end-to-end encryption-development program. “[E]ach day that that platforms do not support strong end-to-end security is another day that this data can be breached, mishandled, or otherwise obtained by powerful entities or rogue actors to exploit it.”
Whether 2020 is the year that legislation of a “backdoor” solution gains traction remains to be seen. It is difficult, however, to imagine legislation that can effectively adapt to the rapid evolution of technology and the boundless creativity of those using it for both lawful and unlawful means.
Eileen H. Rumfelt is with Miller & Martin, PLLC in Atlanta, Georgia.