Intelligence agencies and tech firms have little choice but to compromise
Those who forget the past are doomed to repeat it, the saying goes. This seems to be particularly true in the digital world. Two decades ago America’s National Security Agency developed a special encryption chip for mobile phones, called Clipper, that came with a digital backdoor so spooks and police could listen in. It was meant as a compromise, but abandoned as the NSA and the FBI, at least outwardly, lost the “crypto wars” against a powerful coalition of internet activists and technology companies.
Since the underlying conflict—the need to protect online privacy with strong encryption versus the authorities’ need to eavesdrop occasionally—was not resolved, it is now coming back with a vengeance. On November 3rd Robert Hannigan, the new director of GCHQ, Britain’s surveillance agency, accused social networks and other online services of becoming “the command-and-control networks of choice for terrorists and criminals”. The same day Michael Rogers, the NSA’s new head, raised these questions in a speech in Silicon Valley, albeit in a less strident tone.
The statements are a reaction to technology firms reinforcing their products and services with strong cryptography to keep or attract privacy-conscious customers. Most prominently, data on Apple’s iPhones are now encrypted, with the owner holding the key, so that the firm will no longer be able to unlock the devices even if ordered to do so by a court. Such innovations were in turn partly a reaction to the revelations by Edward Snowden, a former NSA contractor, which showed that the NSA and GCHQ had resorted to widespread digital surveillance. Both sides have a point—but also weaknesses in their arguments. Intelligence services and law enforcers certainly need access to communications and content in some cases, particularly to fight terrorism. But it would be a surprise if the NSA had not already found a way to tap, say, WhatsApp, a highly popular messaging service. What is more, the backdoors that agencies would like to see installed could also let malicious hackers get in too, not least those based in China.
As for America’s technology companies, they worry that they will lose custom, in particular abroad. A growing number of foreign firms are already avoiding American providers of cloud computing because they are worried that their data may be siphoned off by the NSA without them knowing about it. At the same time, firms like Google and Facebook are not in the best position to criticise intelligence agencies for being data hungry: their business is mostly built on sucking up as much information about their customers as possible.
Although the shrill rhetoric on both sides suggests the opposite, it seems mostly a negotiating tactic. Mr Rogers’s speech in Silicon Valley was essentially an offer to talk. “I’m not one who jumps up and down and says either side is fundamentally wrong,” he said. “We have no choice but to come to an agreement,” says the boss of an American technology giant. A deal would be welcome, but only if the rules are transparent, enforceable—and apply not just to American agencies, but to the other members of the “Five Eyes”, the intelligence alliance which also includes Australia, Britain, Canada and New Zealand.
Will it happen? More likely, there will be muddling through—just like after the Clipper chip. Technology companies will negotiate some arrangement to satisfy information requests by governments. And intelligence services will try to exploit vulnerabilities in encryption technologies or create backdoors surreptitiously. Until, perhaps, another Snowden comes along.