San Bernardino Attack: All It’ll Take Is 'A 9mm On Times Square' For Congress To Limit Cell Phone Encryption
In the wake of the Paris and San Bernardino, California, terrorist attacks, U.S. lawmakers are using fears of another strike to garner support for a bill that would require social media companies to report activity possibly linked to terrorism. Beyond that, there are growing calls from multiple levels of law enforcement for Congress to pass legislation that would require smartphone developers like Apple and Google to provide authorities with so-called backdoors to their encryption algorithms -- which the Islamic State group and other terrorist organizations have relied on to hatch plots in secret.
Silicon Valley and its allies are not ready to let that type of legislation pass without a fight, arguing that weaker encryption would not only compromise user privacy, it would be welcomed by terrorists and unfriendly governments.
Sens. Dianne Feinstein, D-Calif., and Richard Burr, R-N.C., this week introduced a bill that would require a broad array of tech companies to report any terrorist activity to law enforcement authorities. Feinstein also announced she and Burr are working on another bill that would require American tech companies to decrypt online user communications and provide authorities access to that information in cases where law enforcement obtained proper court orders. Some contend this is what's known as a "back door."
Many tech companies already help fight crime by providing user data to members of law enforcement who have obtained warrants. And even though many top social networks, including Facebook, Twitter and YouTube, voluntarily report and take down terrorist activity on their services, this legislation would create a standard for all U.S. tech companies to follow, a spokesman for Feinstein told International Business Times.
“It’s true that some social media companies may be reporting some of the time, but there’s no indication they’re reporting all of the time,” Feinstein spokesman Tom Mentzer said. “Furthermore, while some companies like Facebook and Twitter may be doing more reporting, other companies and apps may be doing less or no reporting at all. This legislation creates one policy for all social media companies.”
Burr and Feinstein are not alone. The office of Sen. Marco Rubio, R-Fla., a prominent candidate for the GOP presidential nomination, also told IBT that Rubio supports such measures. Additionally, FBI Director James Comey this week put pressure on Silicon Valley to build its services with encryption technology accessible to law enforcement, making it easier for organizations like the FBI to monitor for terrorist activity.
“In May ... two terrorists attempted to kill a whole lot of people in Garland, Texas, and were stopped by the action of great local law enforcement,” Comey said at a Senate Judiciary Committee hearing Wednesday. “That morning, before one of those terrorists left to try to commit mass murder, he exchanged 109 messages with an overseas terrorist. We have no idea what he said because those messages were encrypted.”
These proposed laws have spurred tech companies to speak up and reiterate their commitment in the fight against terrorism. "Violent threats and the promotion of terrorism deserve no place on Twitter, and our rules make that clear,” a Twitter spokesman told IBT. “We have teams around the world actively investigating reports of rule violations, and they work with law enforcement entities when appropriate."
At the same time, tech companies are speaking up against the legislation, arguing that these proposed laws would be detrimental to user safety. "At Yahoo, our users come first, and we’re committed to building the best products to ensure a more secure user experience and overall digital ecosystem,” a Yahoo spokeswoman told IBT. “We strongly oppose efforts to mandate so-called backdoors into our products."
The Computer & Communications Industry Association, along with eight other tech trade associations, spoke out in opposition to the bill Friday in a letter addressed to Burr and Feinstein. “While CCIA shares the concerns about combatting terrorism, this legislation will unfortunately do more harm than good," CCIA President and CEO Ed Black said in a statement. "The law as it is written now creates incentives for overreporting, for little security benefit, while further shaking worldwide internet users’ confidence in U.S. digital services.”
Though it's unclear if the bill could pass right now, all it would take is one more terrorist attack for more lawmakers to rally behind such a measure, said Jason Healey, senior research scholar of Columbia University's School of International and Public Affairs. Right now, support for this type of legislation is cutting across party lines, and that's "because fear crosses party lines," he said.
"It'll be at least January before they consider to take this up," Healey, a former White House director of infrastructure protection, said. "I wouldn't normally expect this type of bill to go very far, but all it's going to take is some extremist with a 9-millimeter on Times Square, and this would sail through."
'An Absurd Burden'
Silicon Valley insists that legislation passed in the name of security would actually hurt the privacy and safety of users, while exposing sensitive data to criminals, hackers and tech-savvy terrorists like the Islamic State group.
“If you’re building software, it cannot discriminate. It can’t know if you’re rich, poor, black, white, good or bad, and that’s the catch,” said Joel Grossman, chief operating officer of Location Labs by AVG, a mobile security firm. “Governmental requests to weaken cryptography are incredibly dangerous. While it sounds good on paper, it’s a fundamental untruth that only good guys will go through the resulting backdoor.”
Additionally, many in tech argue that making these types of keys for the U.S. government and requiring this type of user monitoring by American tech companies will set precedents that could be exploited by the governments of nations that offer little protection of individual privacy. Those include nations like China, Russia, Venezuela, Turkey and Iran.
“The unintended consequences of that legislation would be catastrophic in a number of different ways,” said one employee of a major U.S. public tech company, who was not authorized to publicly comment on the matter. “Nations that don’t share our democratic values or commitment to due process are anxiously waiting to see if the U.S. will proceed with the weakening of encryption so that they don’t have to be the bad guy and bring it about themselves.”
Another concern the tech industry and its allies have lies in the wording of Feinstein and Burr’s bill. The Requiring Reporting of Online Terrorist Activity Act would mandate any entity providing “electronic communication service or a remote computing service to the public” to monitor for terrorist activity. In its broadest scope, that kind of terminology could include social networks, wireless carriers, phone makers and internet companies, but it could also include places like public libraries or cafes, which often provide Wi-Fi.
“It’s an absurd burden. Two kids in a treehouse with paper cups -- are they affected by that?” said David Meyer, vice president of product at OneLogin, a San Francisco-based identity management company. This legislation is “unenforceable but also puts an absurd burden on anyone participating in communication technology, and technology includes everything."
"I think there will be a huge backlash against it, and it will not succeed due to just the inherent flaws of it,” Meyer said.
This type of law could create a de facto Big Brother situation by requiring companies to report so much user activity to “the appropriate authorities,” said Emma Llanso, director of the Free Expression Project at the Center for Democracy and Technology, which opposes the legislation.
Another argument against the bill is that even if American companies are required to decrypt their technologies, foreign tech companies will continue to build encrypted software, which terrorists could easily migrate their communications to. Thus, this legislation would require Americans to give up more of their privacy and online security while causing little disruption to the online efforts of terrorist groups, a senior staff member for Sen. Mike Lee, R-Utah, said.
“If a mandate to decrypt is not going to actually help law enforcement all that much, then we want to be mindful of the privacy implications,” the staff member told IBT.
America Under Siege
Recent history stands on Silicon Valley’s side. The bill introduced this week by Feinstein and Burr is a rehash of a section of a much larger intelligence funding bill that was introduced this year. That section was forced out of the bill after facing stiff opposition from Sen. Ron Wyden, D-Ore., and lobbying by the tech industry.
“Wyden is certainly going to fight very hard against proposals that would not improve our safety and have real consequences for the way the internet works and for online cybersecurity,” Wyden spokesman Keith Chu told IBT.
Additionally, the White House in October announced its decision to at least temporarily abandon plans for legislation that would require tech companies to create government backdoors. Rep. Mike McCaul, R-Texas, chairman of the House Homeland Security Committee, announced legislation to create a special commission to discuss tech, terrorism and security, but he said he would not seek to create backdoors. And even the FBI’s Comey, who is against encryption, did not commit to supporting Feinstein and Burr’s bill Wednesday.
“The question of whether the answer is compelling them to do that by legislation is one that I can’t answer sitting here,” Comey said, according to The Hill.
But following the recent terrorist attacks in Paris and San Bernardino, Feinstein and Burr are trying to get the legislation through once again. Silicon Valley is hoping the past repeats itself and the bill falls flat, but the tech industry admits that the bill could garner more momentum now than it did earlier this year.
Though Feinstein and Burr's bill may not go through under the current format, Healey of Columbia University said he would not be surprised to see some sort of legislation pass due to the current climate. "The more that we're seeing America feeling like it's under siege, seeing Americans feeling scared, you certainly have bills like this that have a chance to pass," he said.
This article was updated at 1:20 p.m. EST to include commentary from the CCIA, which issued a letter opposing Burr and Feinstein's legislation Friday afternoon.