As the U.S. Department of Justice continues to wage a battle with Apple over government access to encrypted data on various iPhones, the giants of Silicon Valley have rallied to Apple's side. Now, a coalition of tech company heavyweights is lobbying to defeat legislation that would restrict the types of encryption they can use in their devices, apps and services.
Reform Government Surveillance – an advocacy group that counts Apple, Facebook, Google, Microsoft, and Twitter as founding members – sent a letter to Senators Dianne Feinstein and Richard Burr Tuesday, voicing opposition to a proposal that would force tech companies to retain access to their customers' encrypted data and extend that access to government or law enforcement agents with the proper warrants.
The draft legislation does not explain how companies might decrypt the secure communications of their customers and provide them to law enforcement in a readable format. The bill simply states that tech companies must do so when compelled by a court order.
"We write to express our deep concerns about well-intentioned but ultimately unworkable policies around encryption," the coalition wrote.
As the companies explain in their letter, the encryption bill, sponsored by Feinstein and Burr, would mandate that "when a company or user has decided to use some encryption technologies, those technologies will have to be built to allow some third party to potentially have access." But creating that special access, the companies argue, will to lead to "unintended consequences."
Malicious actors could exploit this special access, undermining the security built into consumer products, the coalition argues. It also contends that a U.S. government mandate would weaken the global competitiveness of technology firms in the States since the new law would apply only to American companies, leaving businesses abroad free to offer more secure products.
"We believe it is critical to the safety of the nation’s, and the world’s, information technology infrastructure for us all to avoid actions that will create government-mandated security vulnerabilities in our encryption systems," the letter reads.
For Feinstein and Burr, however, the current state of affairs is unacceptable — in which law enforcement officials say they are incapable of pursuing leads or thwarting terrorist activity because of strong encryption.
"When there’s a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law,” the Senators told BuzzFeed News in a statement provided when their bill was first publicized.
During a hearing in Congress Tuesday, Amy Hess, a top technology official with the FBI urged lawmakers to continue discussing alternatives to the status quo.
"We support strong encryption," Hess said. "But we have seen how criminals, including terrorists, are using advances in technology to their advantage."
Following the lead of FBI Director James Comey, Hess said one possible way forward is for technology companies to employ older security protocols, in which the company retains the ability to access the encrypted data of their customers.
So called end-to-end encryption, however, used by companies like Apple and WhatsApp, allow only the customer to read encrypted data — the companies themselves are essentially locked out. But what these firms see as a beneficial evolution of digital security is to law enforcement officials the enabling of "warrant-proof" spaces in which criminals can conspire without fear of detection.
Rejected by the tech industry, and vehemently opposed by privacy-minded lawmakers like Sen. Ron Wyden, the Feinstein-Burr bill seems increasingly unlikely to make it through Congress during what remains of the legislative calendar year.
Hamza Shaban is a technology policy reporter for BuzzFeed News and is based in Washington, DC.
Contact Hamza Shaban at Hamza.Shaban@buzzfeed.com.
Got a confidential tip? Submit it here.