DOJ’s Anti-Encryption Efforts are Harmful to Startups
TLDR: The Department of Justice is continuing its push for tech companies to undermine their users’ security by building in intentional vulnerabilities. In the latest spat between Apple, Attorney General William Barr is claiming that the company is not helping officials unlock two iPhones belonging to the shooter in last month’s deadly shooting at a Florida naval air base, despite the fact that the older model devices can likely be accessed and Apple has already turned over the relevant data in its possession.
What’s Happening This Week: Attorney General Barr and other government officials have called for tech companies to create intentional vulnerabilities—described as “front doors” or “backdoors”—that would give law enforcement access to encrypted data. However, DOJ officials have upped their anti-encryption rhetoric in the last few weeks after locating two locked and encrypted iPhones belonging to the shooter in the Naval Air Station Pensacola shooting last month that killed three U.S. Navy sailors.
Apple and the FBI previously butted heads over ways of circumventing encryption protections after a locked iPhone belonging to one of the perpetrators of the 2015 San Bernardino terrorist attack was recovered by agents. The FBI was ultimately able to hack into the phone without Apple’s assistance. The two iPhone’s recovered from last month’s shooting can reportedly already be accessed with existing tools, undermining the argument that the devices’ encryption is a hindrance to law enforcement.
Why it Matters to Startups: While the Justice Department appears to be focused on Apple’s use of secure encryption, weakening security and privacy protections in the name of greater law enforcement access would impact companies of all sizes and their users. In particular, creating intentional vulnerabilities in secure encryption protections would be especially harmful to startups that want to protect their users and better compete with large competitors.
As other experts have noted, it is impossible to create a vulnerability that can only be used by “the good guys” and cannot also be exploited by “the bad guys.” Despite the semantics, special “front door access” for law enforcement officials—as a DOJ spokeswoman recently called for—would undermine any secure encryption protections a company or startup could create, no matter how effective the protections themselves might be. A vulnerability of any sort could, and likely would, be exploited by hackers and other bad actors looking to breach strong encryption protections. This is particularly bad for users that rely on secure communications and data storage, including journalists, government activists, whistleblowers, LGBTQ+ individuals, and others around the world who could face persecution and threats if their devices or data were compromised.
Security and privacy are major concerns for consumers all across the world, particularly as hackers and cyber criminals become more sophisticated in their attacks. In an atmosphere of consumer skepticism about tech companies, startups that offer encrypted products and services can better compete with large tech companies. If they’re forced to build intentional vulnerabilities into their encrypted products and services, startup will lose that competitive advantage and have to spend time and money building and defending the “backdoors” created to facilitate law enforcement access. Forty startups made this argument to congressional leaders in a 2016 letter after the FBI pressed for the creation of intentional vulnerabilities following the San Bernardino shooting.
Apple is continuing to assist DOJ officials with their investigation into last month’s Pensacola naval base shooting, and Engine strongly supports startups and tech companies in their efforts to aid law enforcement officials. But we remain concerned by law enforcement’s continuing calls for weaker encryption protections, which would severely harm consumers’ privacy.
For more information on what encryption is and how it is used today, please see our most recent booklet on the "Nuts and Bolts of Encryption" that we wrote with the Charles Koch Institute last year.
On the Horizon.
The Government Blockchain Association’s U.S. Capitol event on “The Future of Money, Governance, and the Law” is at 9 a.m. next Friday, Jan. 31.