Tech companies including Apple and Facebook should provide encrypted user data to members of law enforcement, U.S. Senators said on Tuesday, with the added threat of imposing regulatory measures over the technology if they fail to do so.
A U.S. Senate Judiciary Committee hearing on Tuesday saw senators from both sides of the aisle urge for tech companies to help law enforcement gain access to potential evidence kept hidden from view by encryption. Citing cases involving child abuse and mass shootings where encryption prevented evidence that could have assisted investigators, executives from both Apple and Facebook were urged to change their working practices to provide more help.
"You're going to find a way to do this or we're going to go do it for you," Senator Lindsey Graham told the executives, reports Reuters. "We're not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion."
Apple in attendance
But, it wasn't the end of the discussion, and the discussion won't be over for some time. Apple privacy chief Erik Neuenschwander and Facebook messaging privacy head Jay Sullivan were in attendance, with both taking the time to tell lawmakers to scrutinize the other firm more closely than their employer.
Sullivan repeatedly told the senators Facebook did not build devices or produce operating systems, and that it was open to the idea of "on-device scanning" that would flag illegal content automatically. Meanwhile Neuenschwander pointed out Apple doesn't "have forums for strangers to contact each other... and our business doesn't have us scanning material of our users to build profiles of them."
The latest bout in the ongoing encryption debate stemmed from a call by U.S. Attorney General William Barr and heads of law enforcement in the United Kingdom in October for Facebook to hold off from its plan to bring end-to-end encryption to all of its messaging services. WhatsApp is already using said encryption, with the proposals bringing it to others, such as Facebook Messenger.
Barr previously made calls for the creation of backdoors, suggesting in July the use of encryption itself "is already imposing huge costs on society," and it seriously "degrades the ability for law enforcement to detect and prevent crime before it occurs."
Barr and the other law enforcement officials wrote advising not to proceed with the plan unless it was possible Facebook could provide backdoor access to data, a common argument in the encryption debate.
Facebook declined to abide by their wishes, writing "The 'backdoor' access you are demanding for law enforcement would be a gift to criminals, hackers, and repressive regimes. That is not something we are prepared to do."
Apple's involvement in the latest committee meeting stemmed from its legal fight with the FBI over the San Bernardino shooting in 2016, where Apple declined to offer security-breaking assistance to investigators to gain access to an iPhone owned by the shooter.
While it does have an image of being protective of user privacy and data protection, including minimizing the amount of data it collects, anonymizing it, and using encryption where possible, the company still does adhere to warrants for data requests from law enforcement.
Continuation of a theme
The latest calls from the senators are only the latest attempt by governments to try and push tech companies into introducing a weakness into encryption. In June, it was reported senior White House officials discussed with members of the National Security Council about asking Congress to outlaw end-to-end encryption in its entirety, though it had some pushback from some government agencies.
Tech companies are fighting governments to try and maintain a strong encryption regime, and to avoid entertaining the possibility of weakening security at all. In one submission from Apple to an Australian parliamentary joint committee in 2018, it warned of the slippery slope in these requests, as the threats of prying for personal data "only grow more serious and sophisticated over time."
This is most likely in reference to the possibility for backdoors to be abused. Aside from hackers having potential access to a weak spot in encryption, the creation of backdoors could lead to law enforcement or government requests that reach further than fighting crime, and possibly into the realm of surveillance of its citizens.