Apple may have refused to help the FBI unlock an iPhone used by the San Bernardino shooter, but the tech industry is still better off working with the U.S. government on encryption issues than turning away, according to a former official with the Obama administration.
“The government can get very creative,” said Daniel Rosenthal, who served as the counterterrorism director in the White House until January this year. He fears that the U.S. government will choose to “go it alone” and take extreme approaches to circumventing encryption, especially if another terrorist attack occurs.
“The solutions they come up with are going to be less privacy protective,” he said during a talk at the Versus 16 cybersecurity conference. “People will think they are horrifying, and I don’t want us to see us get to that place.”
Rosenthal made his comments as President-elect Donald Trump -- who previously called for a boycott of Apple during its dispute with the FBI -- prepares to take office in January.
A Trump administration has a “greater likelihood” than the Obama administration of supporting legislation that will force tech companies to break into their customers' encrypted data when ordered by a judge, Rosenthal said.
“You have a commander-in-chief, who said at least on the campaign trail he’s more favorable towards a backdoor regime,” Rosenthal said.
Earlier this year, one such bill was proposed that met with staunch opposition from privacy advocates. However, in the aftermath of another terrorist attack, Congress might choose to push aside those concerns and pass legislation drafted without the advice of Silicon Valley, he said.
Rosenthal said U.S. law enforcement needs surveillance tools to learn about terrorist plots, and that’s where the tech industry can help. During his time in the White House, he noticed a “dramatic increase” in bad actors using encryption to thwart government efforts to spy on them.
“There are people trying to come up with a reasonable solution,” he said of efforts to find a middle ground on the encryption debate. “To immediately say there is no solution is counter historical.”
However, Rosenthal’s comments were met with resistance from Cindy Cohn, executive director for the Electronic Frontier Foundation, a privacy advocate. She also spoke at the talk and opposed government efforts to weaken encryption, saying it “dumbs down” security.
“This idea of a middle ground that you can come up with an encryption strategy that only lets a good guy into your data, and never lets a bad guy into your data, misunderstands how the math works,” she said.
Law enforcement already possess a wide variety of surveillance tools to track terrorists, she said. In addition, tech companies continue to help U.S. authorities on criminal cases and national security issues, despite past disputes over privacy and encryption.
But law enforcement has done little to recognize the risks of building backdoors into products, Cohn said. Not only would this weaken security for users, but also damage U.S. business interests.
“If American companies can’t offer strong encryption, foreign companies are going to walk right into that market opportunity,” she said.
Cohn also said any effort to force U.S. companies to weaken encryption wouldn’t necessarily help catch terrorists. That’s because other strong encryption products from foreign vendors are also circulating across the world.
“The idea that the Americans can make sure that ISIS never gets access to strong encryption is a pipe dream,” she said. “That’s why I think this is bad idea. Because I don’t think it’s going to work.”
The Versus 16 conference was sponsored by cybersecurity firm Vera.