Last week, FBI Director James B. Comey dispatched his minions to yell at Apple and Google for architecting their smartphones such that government officials cannot decrypt information stored on the devices — even when they have valid search warrants that would authorize them to do so. Comey said he could not understand why companies would “market something expressly to allow people to place themselves beyond the law.”
Can it be that the U.S. government still doesn’t realize that Apple, Google, and other U.S.-based firms have to compete in the global marketplace? U.S. surveillance policies are undermining our companies’ ability to compete. As Chris Sprigman and I argued back in June of 2013, the U.S.’s warrantless surveillance of everyday foreigners’ communications causes serious collateral damage to America’s technology companies and to our Internet-fueled economy, not to mention to human rights and democracy the world over. NSA’s use of fake Facebook servers to deliver malware to surveillance targets doesn’t do the U.S. based company any favors in the global marketplace.
Nor will FBI pressure on Google and Apple help those companies compete in the smartphone market. There are about five or six major smartphone manufacturers which currently dominate the U.S. market. Google and Apple are competing domestically with South Korea-headquartered Samsung and LG, and Taiwan-based HTC. All these players are battling globally for market share and competition is fierce. China’s Xiaomi is suddenly fifth in the world, and there are fourteen other Asian manufacturers hoping to crush leaders Samsung and Apple.
Global customers do not want backdoored products anymore than Americans do, and with very good reason. Authoritarian countries like Russia, China, the United Arab Emirates, Sudan, and Saudi Arabia want to censor, spy on, and control their citizens’ communications. These nations are just as able to make demands that Apple and Google decrypt devices as the FBI is, and to back up those demands with effective threats. These nations also have spy agencies that can exploit weak security architectures. Backdoors expose confidential information to identity thieves, business competitors, American law enforcement, and oppressive governments on an equal opportunity basis. Protecting my data from unauthorized access is not lawless behavior—it’s preventing lawless behavior. On balance the public is more secure, not less secure, with the wide use of strong cryptography — including cryptography without back doors or centrally escrowed keys.
Demanding key escrow from Apple and Google isn’t just bad for business. It’s not going to work. As a customer, if Apple and Google don’t make secure devices, I will buy a better-built phone or tablet from another company, including one headquartered overseas. Once I’ve got my device, I’m more or less in control of the software on it. I can install stronger crypto on my phone. Apps make doing this easier and easier, as the protestors in Hong Kong are showing with FireChat. I use RedPhone and TextSecure from Whisper Systems to secure my communications on my Android device in a manner that law enforcement cannot readily decrypt. Downloading, installing, and learning to use them took me less than five minutes.
For more on this issue, see
Susan Landau: Securing Phones – and Securing US
Julian Sanchez: Old Technopanic in New iBottles
Cindy Cohn: Nine Epic Failures of Regulating Cryptography