Fallout from the U.S. government’s surveillance excesses continues to waft down upon the American tech industry, though that hasn’t stopped the Obama administration from setting off even more bombs.
In its zeal to force Apple to break the security on its own devices – matched only by its zeal to avoid testing that demand in court – the FBI and Justice Department lawyers simply blew off concerns voiced by Apple and many others in the industry that, if Washington forced it to undermine security and privacy measures, nothing would stop other governments from doing the same. While the FBI dropped the demand regarding the phone in the San Bernardino investigation when it found another way around the phone’s security measures, agency director James Comey expects more legal fights over encryption in the near future. And while government agents hope to use the same workaround on other devices, meaning they won’t need to secure the reluctant help of private companies, Comey has said about 12 percent of seized phones remain inaccessible without corporate assistance.
While a few other countries, including France and the United Kingdom, are considering legislation to limit or ban end-to-end encryption, no other government has publicly tried to force Apple and other device makers to crack their hardware-based encryption for law enforcement ends. Some other governments are busy trying to expose private data through other means, however.
Chief among these is a growing effort to force U.S. tech firms to store their data overseas. Thanks to Edward Snowden’s revelations, foreign governments can plausibly defend these actions as a way of protecting their citizens’ data from the prying eyes of U.S. intelligence. This reasoning, for instance, is the stated impetus for the European Union’s efforts in this direction. As I have written before, Europeans do not care to be spied upon, and their governments wish to protect citizens from American agencies’ snooping. But, of course, such demands are also a way of exposing user information to local authorities, whose appetite for data is just as ravenous as that of the U.S. authorities and whose intentions in using it can be much less honorable.
Does anyone think Iran, for example, is trying to protect its citizens by demanding that Facebook and other social media platforms put their servers in the Islamic Republic? Or is it more likely that Iran wants to make sure that it knows what its citizens are up to? Incidentally, eight people were recently arrested for posting Instagram images featuring women without headscarves. Iran’s government also doubtless wants to track its citizens’ foreign contacts for potential spying – or worse. Since the current regime took power in 1979, it has been accused of more than 160 assassinations of political dissidents abroad. Government access to citizens’ private data could have deadly consequences.
China, too, has pursued a hard line in demanding that companies store data on Chinese users in places where Chinese authorities can access it. This insistence has most recently been on display in negotiations with Facebook, whose founder, Mark Zuckerberg, has long demonstrated ambitions to crack the country’s giant market. Currently, Facebook is mostly inaccessible in China, thanks to the country’s “Great Firewall.” Zuckerberg has launched a charm offensive to try to get the People’s Republic to let its people make friends with the existing Facebook world. Whether Facebook likes it or not, the likely price of any such access will be, at a minimum, the storage of data on Chinese citizens inside China, if not an outright partnership with an existing Chinese company. This is not a point on which China seems likely to compromise. It is worth noting that China, too, has been known to pursue dissidents abroad.
For citizens of countries like Iran and China, data encryption on smartphones and other devices can literally be a matter of life and death. Yet as soon as a backdoor is developed and provided to U.S. government agencies, it will be vulnerable to foreign pressure aimed at manufacturers and to espionage aimed at our government – which has a less-than-stellar record of protecting its own data, even as it tries to vacuum up everyone else’s.
None of this seems to matter to Comey and his equally myopic cronies in the administration’s security apparatus. But it should matter a great deal to the rest of us.