This week, tech industry leaders are scheduled to meet with President-elect Donald Trump. Should the discussion turn to encryption, they should remind him of psychologist Abraham Maslow’s saying: “If all you have is a hammer, everything looks like a nail.” Because when it comes to advancements in technology and encryption, it appears the Federal Bureau of Investigation only has a hammer.
Encryption prevents the FBI from accessing only a fraction of U.S. phones each year, yet the agency wants to ensure it can access every phone it encounters by legally requiring the installation of software backdoors, which would weaken the digital security of every American. There are other tools that can enable investigators without giving criminals an exploitable weakness that would put everyone at risk of cyber theft.
Of course, encryption can pose a challenge for investigations. Technological progress has, in some cases, made it harder to investigate and prosecute criminals. But sacrificing the security of millions of Americans for minimal gains in access to private data is not the answer.
News outlets recently reported that FBI forensic specialists analyzed a total of 6,814 mobile devices in the fiscal year 2016, and they were only unable to access data on 880 of them. It's possible that more confiscated phones were accessed by agents in the field. To put this in perspective, you are almost 10 times more likely to be struck by lightning in your lifetime than the FBI is to encounter a phone in the country that it cannot access.
The FBI’s solution to the rare instances of encryption it can't crack would make Maslow proud: ensure that any device is accessible to law enforcement by requiring tech companies to build backdoor access points into the software code of devices. This could extend to anything connected to the Internet, including home security cameras, smart appliances and various other technologies that know a lot about your life. The unintended consequences are potentially enormous.
Nowadays smartphones can contain a person’s entire financial history, medical records, correspondence and details of one’s intimate relationships. At the same time, cyber theft is skyrocketing with increasing sophistication. The idea that the government could mandate a security back door that only law enforcement agents could legitimately access is foolish. The bad guys will figure out how to open that back door, too. Cyber criminals and foreign governments could exploit weaknesses to access valuable data.
Even if law enforcement has trouble accessing some content on a fraction of the phones their technicians encounter, we still do not know if there is any useful information on those devices to begin with. For instance, although the government claimed that Apple’s encryption prevented the FBI from accessing valuable counterterrorism information in the aftermath of the San Bernardino attack, reports have since indicated that once the FBI successfully bypassed the phone’s security, the information found was of little value. Additionally, out of the FBI’s 880 reportedly inaccessible devices, we do not know how many of these phones, if any, obstructed the government from successful prosecutions. It is entirely possible that the scope of the challenge is even narrower than the FBI’s data show.
These statistics also do not illuminate what information law enforcement can already legally access from devices even when they are properly encrypted. For example, metadata—logs of when you send an email and to whom, among other things—can provide what some experts have characterized as “an enormous amount of surveillance data that was unavailable before [this technology] became widespread.” Often, this type of contextual data can offer substantial value for investigations. In other words, even if law enforcement cannot obtain certain content from a small number of devices, they may still gain critical insights from the metadata.
Technology companies should look for ways to assist law enforcement by helping agencies understand what data is available under the law and how to interpret it. At the same time, the President-elect and Congress should explore ways to bolster the technological capacity and resources of our public safety officers and give them additional tools. Seeking ways to expand law enforcement's access to metadata and analytical innovations, with appropriate civil liberties safeguards, would be a good start. This is a far more sensible solution than one that weakens not only the digital security of all Americans but also the spirit of our free government. Tech leaders should urge the President-elect to give the FBI—and all Americans—a more nuanced way to deal with digital threats.