The circumstances are familiar: a deceased criminal, a locked phone, a determined FBI and a defiant tech company.
After Devin Kelley murdered 26 people at the Sutherland Springs First Baptist Church in Texas earlier this month, law enforcement obtained a warrant to search his phone, reportedly an Apple iPhone. But, they say, they can’t get access to its encrypted contents because they don’t have the passcode. The phone has been sent to the FBI’s headquarters in Quantico, Virginia for analysis.
“We are working very hard to get into the phone,” special agent Christopher Combs told reporters Nov. 7. “It could be tomorrow, it could be a week, it could be a month.”
The situation echoes the circumstances that arose after the San Bernardino mass shooting in December 2015, when the FBI and Apple faced off in a tense legal and political fight over encryption. Back then, the FBI successfully asked a court to order Apple to write new software to allow them to bypass a security feature, which would wipe the phone’s data after 10 failed passcode attempts. Apple refused, arguing that creating a tool to hack the phone would undermine everyone’s security. Eventually, the FBI relented, paying a third party over $1 million to unlock the phone. The so-called crypto-wars cooled off.
Even before the Sutherland Springs shooting, there were signs the fight over encrypted communications was making a comeback. At the end of the summer’s G-20 meeting, world leaders issued a statement on countering terrorism. In its second-to-last paragraph, the document encouraged “collaboration with industry to provide lawful and non-arbitrary access to available information where access is necessary for the protection of national security against terrorist threats.”
Behind the carefully crafted diplomatic language an old battle rears its head: the crypto-wars. While the question of what to do with encrypted communications may have largely dropped out of the U.S. headlines after the FBI found its San Bernardino work-around, the problem at the heart of it has not been resolved.
Indeed, the encryption debate is still raging abroad. In Britain, Home Secretary Amber Rudd is calling for access to WhatsApp messages in the wake of terror attacks in Manchester and London. The Investigatory Powers Act, passed late last year, may empower the government to demand companies to break their encryption via “technical capability notices.” The law followed earlier suggestions by Prime Minister David Cameron that he would ban encryption entirely. In Australia, Prime Minister Malcolm Turnbull announced in July that he will introduce legislation modeled on the UK laws which will require companies to give investigators access to encrypted communications. And in Germany, a law passed in June allows investigators to install malware on devices to allow them to read encrypted communications, after Interior Minister Thomas de Maiziere declared that “we can’t allow here to be areas that are practically outside the law.”
For all of these countries, though, the United States is key. The U.S. is home to most of the companies whose popular products figure centrally in these debates – including Apple’s iPhone, Facebook, and WhatsApp, the Facebook-owned messaging service. Its status as the driving force behind the world’s technological revolution over the last 40 years, combined with its market power and tradition of deep involvement in global issues, means that whatever direction the U.S. moves in the encryption debate will have a significant impact worldwide.
But in the U.S., the issue has grown quieter for now. Ten months into his presidency, President Donald Trump hasn’t addressed the question, even as he’s offered condolences on mass shootings and promised to fight back hard against terrorism. By saying nothing so far, Trump has maintained the encryption-rich status quo, in which people using end-to-end encrypted services like WhatsApp, iMessage and Facebook messenger can be relatively content that the government isn’t reading their communications, even if law enforcement obtained a warrant. But it’s far from certain that Trump has taken a considered position on the matter (reporting suggests the issue has been controversial within his administration), and it’s possible he hasn’t turned his mind fully to the issue yet, and won’t until forced to.
While the question remains unresolved in Washington for now, it won’t stay that way. Allies are ratcheting up the pressure on the U.S. to work towards a fix. In addition to the G-20 meeting, the issue was raised at June’s Five Eyes meeting between representatives of the intelligence alliance comprised of the U.S., Canada, Australia, the U.K. and New Zealand. And eventually, perhaps in the next few weeks, another Apple v. FBI will come along and Trump will have to make a choice.
So what do we know about Trump’s views and those of his advisers? Here is a look at all of the available clues.
Trump’s Personal Views
Trump has never made any policy proposals about encryption. The most salient clue is probably his comments at the time of the Apple/FBI showdown, which were critical of Apple. In an interview on Fox & Friends, he said that Apple should give the FBI access to the phone in question, saying “Who do they think they are?” He also suggested a boycott of Apple until they complied with the court’s order.
In general, Trump has delivered strong rhetoric on counterterrorism and law enforcement, and has not demonstrated a concern for privacy. He has expressed concern over terrorists “using the internet” and “recruiting people…literally brainwashing people,” and opined that terrorists are “using the internet better than we use the internet…our people don’t have a clue.” That said, two incidents have led Trump to advocate for privacy. In March, the president tweeted that Obama had Trump’s “wires tapped” in Trump Tower during the election campaign and described it as “McCarthyism”. While there’s no reason to believe that happened (and plenty of reasons to believe it didn’t), his outrage implies a support for privacy rights over invasive investigatory strategies. Separately, Trump expressed anger over former National Security Adviser Susan Rice’s unmasking of the names of Trump campaign officials who met with the United Arab Emirates’ crown prince Zayed al-Nahyan in a secret meeting in New York after the election. Again, that position seems to value civil liberties over the demands of intelligence officials.
However, those positions were politically and personally convenient – in reality, they probably weren’t motivated by a concern for privacy. I think it’s fair to say that we shouldn’t expect him to take a stand for privacy rights or civil liberties (although if special counsel Robert Mueller were to seek access to encrypted communications in the course of his Russia investigation, that could change things).
And what about those around him? Here’s where key figures influencing Trump stand:
1. Attorney General Jeff Sessions is a strong anti-encryption voice within the administration. In his confirmation hearing, Sessions said that it was “critical that national security and criminal investigators be able to overcome encryption.” In a separate congressional hearing, he said the issue was “more serious” than Apple CEO Tim Cook understood, and could make all the difference in a criminal case or a “life and death terrorist case.”
2. Other Justice Department figures
- Deputy Attorney General Rod Rosenstein has been the leading administration voice criticizing strong encryption. He addressed the question elliptically at a congressional hearing in June. Referring to the “going dark challenge,” Rosenstein said that law enforcement’s inability to access electronic communications “severely” impaired investigations and jeopardized public safety, and that the department had to “keep adapting to evolving challenges.” It wasn’t explicit but the suggestion is there – that law enforcement needs greater powers to break encryption. In late August, the message became more explicit: in a speech in Utah Rosenstein cautioned that “legislation may be necessary” if tech companies don’t cooperate. He developed his line of thinking even more in relation to the Devin Kelley case this month, telling an audience in Maryland that encryption “costs a great deal of time and money. In some cases, it surely costs lives.” In October, he hinted that the tech industry should be coerced into providing a technological solution to this problem. “The approach taken in the recent past – negotiating with technology companies and hoping that they eventually will assist law enforcement out of a sense of civic duty – is unlikely to work,” he told the U.S. Naval Academy.
- DOJ’s National Security Division head Dana Boente, who recently announced his resignation, also addressed the issue briefly at the Aspen Security Forum in July. Boente suggested that the U.S. might sit back and follow Europe’s lead, saying that “The terrorism challenges in Europe are really kind of tough…they may lead the way and carry some of our water on this.” Boente painted a picture of a kind of domino effect, where enough countries legislate that tech companies find a technological solution to this policy problem.
3. FBI Director Christopher Wray His predecessor James Comey often spoke about the ‘going dark’ challenge, and he was at the reins of the FBI when it took on Apple. But what about Wray? He hedged his bets at his July confirmation hearing, describing the question as “one of the most difficult issues facing the country” and urging for a “balance” to be struck between the importance of encryption and the “importance of giving law enforcement the tools they lawfully need to keep us all safe.”
4. CIA Director Mike Pompeo won’t be a direct decision-maker on the issue but will probably influence where Trump stands. Last year he wrote an op-ed saying that “the use of strong encryption in personal communications may itself be a red flag” for terrorism, but conceding that a technological backdoor would lead terrorists to communicate via foreign or home-made encryption.
5. NSA Director Adm. Mike Rogers has publicly adopted a strong pro-encryption position. Speaking to the Atlantic Council last year, he said that encryption was “foundational to the future,” and that it was a “waste of time” to argue about it. He went on: “What we’ve got to ask ourselves is, given that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
6. Director of National Intelligence Dan Coats In his confirmation hearing, Coats acknowledged the importance of encryption for security and privacy, and said there needed to be an “ongoing conversation” about legal authorities to access communications. As a senator, Coats supported the Burr-Feinstein draft law that would have given law enforcement the power to force companies to break into a suspect’s phone. The ODNI’s former general counsel Bob Litt had previously told colleagues that a terrorist attack or criminal event might be the occasion for changing policymakers’ minds on encryption.
Where Trump goes on this issue will probably be influenced by circumstances: In the case of a terrorist attack implicating end-to-end encryption, he’ll probably want to look tough on national security and may press for a legislative solution. That’s also a real possibility if the FBI pushes the Sutherland Springs issue further, publicly criticizing Apple or again bringing proceedings to try to force them to let them into Kelley’s phone.
But if the issue evolves naturally, there is enough division among his advisers that the administration may not take firm action on its own. It’s far more likely that the government will follow the playbook of allies who are trying to pass the ball, re-characterizing the issue as a technological problem rather than a policy one, and putting pressure on the tech world to solve it. In countries that are making moves to be able to access encrypted communications, governments seem to be shying away from talking about “backdoors.” Instead, they’re moving towards a discourse of cooperation and arguing that they want to work with tech companies to create solutions which address the problem. That idea was evident in the language of leaders’ statement after the G-20 conference, which called for “collaboration with industry” to provide access to information where necessary for national security. (Never mind that tech companies say they’re already cooperating to the extent they think they can without endangering cybersecurity.) In political terms, it’s probably fair to say that the FBI lost its battle with Apple, and so will probably be hesitant to take it on so directly again. But if the government drops its adversarial posture, and instead appears conciliatory and asks to work together to find technological solutions to the going dark problem, companies like Apple might lose their political advantage as they appear uncooperative and insensitive to national security concerns. They would have to persuade the public that there could never be a technological solution that would allow access to terrorists’ communications while keeping everybody else’s secure.
If tech companies remain intransigent, the U.S. may pursue an international solution. Boente hinted at something like this strategy in his address at the Aspen National Security Forum, suggesting that the U.S. could share the political cost of taking action with Europe. One option might be to enter a formal international agreement, as argued for by Australia, whereby allied states would impose coordinated legal obligations on tech companies to hand over communications in response to a warrant. If it seems being a first mover would be too politically difficult, Trump may find cover in being the second or third mover, or the first among many.
It’s the policy challenge that’s not going away any time soon: Expect the encryption debate to heat up within this presidential term, and possibly even in the coming weeks. With the government’s security heads publicly taking different approaches to the issue, and Trump’s own views not obviously settled, it’s also an unpredictable one. Whichever way Trump moves in the crypto-wars, however, it will be sure to have a major impact on internet freedom and security worldwide.