It’s up to tech firms and privacy advocates to show “exactly, specifically and technically” how the government’s proposed backdoors into encrypted cellphones and other products would hurt data security, current and former law enforcement officials told lawmakers last week. At least one member of the Senate Armed Services Committee appears to agree, and that’s going to propel the long-running debate into some strange new territory.
First, a bit of background. In September 2014, Apple announced its iOS 8 operating system would encrypt phone data so the company itself could not read it.
“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” the company wrote on its website. “So it’s not technically feasible for us to respond to government warrants.”
Shortly afterward, Google announced a similar update for its Android 5.0 Lollipop operating system.
At the July 14 hearing, Manhattan District Attorney Cyrus Vance, who has said he holds more than 200 iPhones as evidence he can’t unlock, told lawmakers law enforcement had an “urgent” need for legislation compelling technologies to build backdoors into their encryption features.
“Each of our cases in state court have a statute of limitations,” Vance said.
Kenneth L. Wainstein, a former assistant attorney general for national security at the Justice Department, told lawmakers the burden is on technology companies and privacy advocates to show how backdoors would harm user security, rather than on law enforcement to prove that altering the encryption scheme would be safe.
“For the tech industry and civil liberties groups, this means laying out technically specific support for the contention that a government accommodation would undermine the integrity of default encryption,” he said. ”They should provide hard data that demonstrates exactly how—and how much—each possible type of accommodation would impact their encryption systems. It is only when Congress receives that data that it can knowledgeably perform its deliberative function and balance the potential cyber security dangers posed …