In the wake of deadly attacks in Paris, San Bernardino and elsewhere, many prominent American figures are calling on Silicon Valley companies to help in the fight against terrorism. President Obama on Sunday said that he would “urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice.” Democratic presidential candidate Hillary Clinton wants technology firms to “disrupt” ISIS, presumably the way they’ve disrupted taxis and hotels. And one of Clinton’s rivals, Republican candidate Jeb Bush, has said the government needs a “new relationship” with Silicon Valley.
So far, Silicon Valley leaders don’t seem interested—at least publicly—in taking up the charge. Apple CEO Tim Cook has spoken out forcefully against “the idea that our consumers should have to make tradeoffs between privacy and security.” Facebook chief Mark Zuckerberg, meanwhile, wrote last year that “the U.S. government should be the champion for the Internet, not a threat.” And Eric Schmidt, chairman of Google parent company Alphabet, believes law enforcement already has “many, many ways” it “can get what it needs.”
But let’s set up a hypothetical: Say companies like Facebook and Apple do a sudden about face and decide to work more closely with law enforcement. What could they actually do?
Here are three possible options, ranked from least invasive to most. Vote here on which option, if any, you think is best.
Less intrusive: Monitor for threatening messages
What it means: Social media companies like Facebook and Twitter could set up teams that monitor their networks for communications potentially linked to terrorism. This might be particularly effective in fighting ISIS’ online recruitment efforts, which Obama mentioned in his Sunday address to the nation.
Pros: On a technical level, Facebook and Twitter have the best access to the communications that happen on their respective platforms. Monitoring of this kind is already being done to some degree by government agencies and private firms; internalizing it could be more efficient.
Cons: The problem here is scale. More than one billion people log in to Facebook every day, sending an untold number of status updates and messages. Sorting through all that data for actionable information would be a significant challenge.
More intrusive: Open a “backdoor”
What It Means: After the Edward Snowden revelations, technology companies are increasingly embracing end-to-end encryption as a means of keeping users’ communications private. That means when users send a message its contents are garbled, decoded only when they arrive at the recipient’s device. Law enforcement groups want companies like Apple to provide a “backdoor”—a way for them to read encrypted messages without having physical access to targeted users’ devices.
Pros: While encryption protects everyday users’ messages from being read by people other than the intended recipient, it can also be used by criminals to plan or carry out nefarious acts. A backdoor could give law enforcement groups immediate access to information that might save lives in fast-moving emergency situations.
Cons: When backdoors are in place, encryption is meaningless. It wouldn’t be long before hackers, terrorists and other nefarious actors exploited them for their own malicious gains, detractors say, like identity theft or extortion. That argument apparently resonated with the Obama administration: The New York Times reported in October that the White House will stop asking tech companies to install backdoors.
Most intrusive: Give full database access
What It Means: Social media companies could give law enforcement groups carte blanche, come-as-you-please access to their databases.
Pros: Law enforcement groups would get all the information they could ever want from companies like Facebook, Twitter and so on.
Cons: It’s difficult to see how doing this wouldn’t be a clear violation of citizens’ constitutional rights. And it could be a self-defeating move, as it’s likely many users—not to mention the bad guys—would simply flock to alternative networks, perhaps based outside the U.S., that market themselves as a private alternative (or to the Deep Web, which couldn’t care less about U.S. government demands).