At a hearing in front of the U.S. Senate Committee on the Judiciary Tuesday, lawmakers on both sides of the aisle broadly agreed that tech companies must build in ways for law enforcement to access encrypted data or it will do so itself by enacting a federal law. Lawmakers expressed concern for public safety, including acts of terrorism or crimes like child exploitation, if technology companies don't better cooperate with law enforcement on creating backdoors.
But the technology companies that took the witness stand wouldn't make many concessions, citing that breaking down their product's encryption by creating backdoors makes everyone's privacy and security weaker.
The lawmakers' arguments were heavily based on complaints from law enforcement about the ability to solve crimes involving personal devices. Sen. Dianne Feinstein, D-Calif., described her personal mission to get this done, fueled greatly by the 2015 terrorist attack in her state.
"I am determined to see that there is a way that phones can be unlocked when major crimes are committed. It is a vital piece of evidence, whether that's liked by you or not," Feinstein told the witnesses, including representatives from Facebook and Apple. Feinstein referenced the San Bernardino massacre, at which there were "a lot of people killed and a lot of people injured. And what was there? A cellphone." An encrypted iPhone. Feinstein said she learned at the time that even when "a United States senator calls and asks for help for law enforcement, that help is denied."
New York District Attorney Cyrus Vance, the sole law enforcement representative at the hearing but whose testimony lawmakers on both sides of the aisle seemed heavily persuaded by, explained the problem.
"Until the fall of 2014, Apple and Google routinely provided law enforcement access to their mobile phones when they received a court-ordered search warrant. That changed when they rolled out their first mobile operating systems that, by design, often make the contents of smartphones completely inaccessible. In doing so, Apple and Google effectively upended centuries of American jurisprudence holding that nobody’s property is beyond the reach of a court-ordered search warrant."
Essentially, Apple and Google's new models made it so even the companies themselves can't access encrypted data, a move Apple witness Erik Neuenschwander said was aimed at protecting individual users' privacy from, especially, hackers and other malicious threats. He said in the last seven years, the company has responded to more than 127,000 requests from U.S. law enforcement and added the "number of U.S. government requests has increased over 100%, indicating that the information we are providing is valuable to investigations."
Feinstein asked Neuenschwander, "My understanding is even a court order won’t convince you all to open the device, is that true?"
Neuenschwander said, "We don’t have in our capability today the ability to give this data off the device to law enforcement. Ultimately, we believe that strong encryption makes us all safer, and we haven’t found a way to provide access to users’ devices that wouldn’t weaken security for everyone."
Neuenschwander's claims that Apple was doing its part to fight crime fell on deaf ears.
Sen. Lindsay Graham, R-S.C., opened the hearing making it quite clear his thoughts on the hardware and software technology companies have built for encrypted communications.
"You’re gonna find a way to do this or we’re gonna do it for ya," Graham said of solving the problem. "We’re not gonna live in a world where a bunch of child abusers can have a safe haven to practice their craft. Period, end of discussion. You’re either the solution or the problem. Having said that I appreciate all you’re doing to protect our data, our privacy, I don’t want people listening to my phone calls or reading my messages, I get all of that. But being an American, I also don’t want a situation where criminals can exploit this technology to hide behind it."
Graham's threat, that federal legislation would be enacted to allow access to encrypted communications in specific cases, was echoed by several lawmakers throughout the hearing.
Sen. Richard Blumenthal, D-Conn., warned the tech representatives that big tech "enjoys uniquely, and I want to emphasize uniquely, almost complete immunity from legal responsibility by virtue of Section 230 [of the Communications Decency Act]. And that will end because the American people are losing patience, as you've heard around this table. ... That kind of immunity will be short lived if big tech isn't able to do better."
Sen. Marsha Blackburn, R-Tenn., had her own set of threats for the tech witnesses at the table.
"It is troubling to me to hear you say that giving the key to law enforcement would cause a weakness in the device; that would be a bad trade-off," she said. "Catching criminals is never a bad trade-off, and what you’re doing by negating the access to the key, which did exist [prior to 2014], is you’re shielding criminals, and basically what you’re doing is creating a sanctuary cloud, where these criminals say, 'This is our safe harbor; this is our sanctuary.' And that is why on a bipartisan basis, you are hearing us say, 'You know we’ve slapped your hand enough, and you all have to get your act together, or we will get your act together for you.' But this is not going to continue."
Sen. Joni Ernst, R-Iowa, asked the witnesses if they'd be willing to work with Congress before things came to federal legislation. "Can you say you'll proactively change the way you do business without an act of Congress?"
Speaking on behalf of Facebook, Jay Sullivan said the company is trying to do so. "We’ve been steadily beefing up our efforts in this area to around 35,000 people who are monitoring content, making reports and actively identifying new systems to identify bad actors before they can spread that imagery." Sullivan was talking about the spread of child pornography, which senators frequently cited as a concern that encrypted data would protect. "The reason we’re here and the reason we announced our plans to encrypt Messenger two years in advance was to have these working sessions."
Importantly, the day before the hearing, Facebook sent a note to U.S. Attorney General Bill Barr that it would not create a backdoor into its encrypted Messenger or WhatsApp products.
Apple's Neuenschwander echoed Sullivan that the reason he stood before the committee Tuesday was because they are interested in working with law enforcement.
In the end, District Attorney Vance and lawmakers on both sides seemed unmoved by the tech companies' testimonies.
"Five years since the smartphone encryption sea change, it is unconscionable that smartphone manufacturers, rather than working with government to address public safety concerns, have dug in their heels and mounted a campaign to convince their customers that government is wrong and that privacy is at risk," Vance said. "Because Apple and Google refuse to reconsider their approach, I believe the only answer is federal legislation ensuring lawful access. Tech goliaths have shown time and again they have no business policing themselves."
For now, Graham has said that if there's no change by this time next year on behalf of tech companies, government's hand will be forced to make the change itself.
If you missed the hearing, you can read witness testimonies and watch the archive of the live event here.