After a highly publicized battle in courts and in the media, the Federal Bureau of Investigation announced last week that it was able to bypass the security on an Apple iPhone even without assistance from the company. Advocates of domestic law enforcement praised that outcome, but the bureau also received widespread opprobrium over the course of the debate, even from leaders in other corners of law enforcement.
“Get over it,” retired Gen. Michael Hayden said in comments directed at the FBI earlier in the month, in reference to the agency’s quest to break encryption. “Understand that no matter what we do with Apple, it’s going to get harder and harder to get content.”
Though Hayden led the National Security Agency and the Central Intelligence Agency under President George W. Bush, his position does not make him an outlier in that community. Adm. Mike Rogers, the current head of the NSA, struck a similar chord in January when he called encryption “foundational to the future” and said the debate over how to weaken it was a “waste of time.”
Observers note several reasons for that divide between the NSA and domestic law enforcement officials. One is that the NSA has advanced technical capabilities. Some of those capabilities are known, but others are not. One thing that is known, thanks to documents leaked by former contractor Edward Snowden, is that the NSA often hacks into companies to steal encryption keys when they exist.
That doesn’t help the agency when it comes to something like end-to-end encryption, which protects content from being viewed even by the company hosting it, but it does give the agency more of an edge.
Another reason for that divide comes from an international perspective with which the FBI is less involved. If the U.S. weakens cybersecurity in order to strengthen national security, observers like Hayden have noted, it could also have the unintended effect of helping foreign governments and hackers to spy on American citizens.
During a Senate hearing in September, Rogers even acknowledged that the NSA’s practice of seeking encryption keys could be a double-edged sword in that respect, when he was pressed on the issue by Sen. Ron Wyden, D-Ore. “As a general matter, is it correct that anytime there are copies of an encryption key — and they exist in multiple places — that also creates more opportunities for malicious actors or foreign hackers to get access to the keys?” Wyden asked him.
“It depends on the circumstances,” Rogers replied, “but if you want to paint it very broadly like that for a yes and no, then I would probably say yes.”
That criticism puts domestic law enforcement, led by FBI Director James Comey, on an island of sorts, facing fire from the tech community and receiving at best lackluster support from colleagues who see as much danger in weakening encryption as in leaving it alone.
“If I were in Jim Comey’s job, I’d have Jim Comey’s point of view,” Hayden noted in February. “But I’ve never been in Jim Comey’s job … My view on encryption is the same as [former Homeland Security Secretary] Mike Chertoff … [former Deputy Secretary of Defense] Bill Lynn’s and [former NSA director] Mike McConnell, who is one of my predecessors.”
The FBI's circumvention of security on the iPhone did not represent an instance of breaking encryption. If the FBI succeeded using the software it had been looking for, it merely found a way to preserve data on the device while it hacked the passcode. The contents would normally be destroyed after an incorrect code had been entered more than 10 times.
That amounts to a temporary fix, albeit one that could help law enforcement resolve more than one source of frustration stemming from Apple products. Manhattan District Attorney Cyrus Vance, for instance, has often lamented the 175 iPhones his office has in storage that he would like to have unlocked.
It remains to be seen how widely the FBI will share its technology. It has the potential to temporarily relieve some of the consternation surrounding encryption and other strong security features offered by companies like Apple, but it does not resolve questions of the principle underlying the debate.
Yet in light of the current dynamic, it seems unlikely that public sentiment will shift toward favoring anti-encryption forces anytime soon. The most that they may be able to hope for is a middle-of-the-road approach, encapsulated well in comments made by Defense Secretary Ash Carter last month.
“I’m not a believer in back doors or a single technical approach to what is a complex problem,” Carter told the RSA security conference in tech-friendly San Francisco. “I don’t think we ought to let one case drive a single solution.”
Carter also cautioned against a legislative solution, saying it could lead to “a law written by people who won’t have the technical knowledge of the people in this room, maybe written in an atmosphere of anger or grief.”
Ultimately, Carter seemed to endorse retaining strong encryption while simultaneously allowing law enforcement to keep seeking ways around it.
“We have to innovate our way to a sensible result for data security,” Carter said.