Republican and Democratic senators found themselves in rare agreement Tuesday as they warned that technology companies must design their products’ encryption to comply with court orders, regardless of any cybersecurity risks.
Representatives from Apple and Facebook faced the bipartisan outrage during a Senate Judiciary Committee hearing about their use of warrant-proof encryption, as an influential New York prosecutor warned that the companies were stymieing investigations into terrorism, organized crime and child sexual exploitation.
One by one, the senators told the Silicon Valley witnesses that if they didn’t implement warrant-compatible encryption voluntarily, Congress would force them to do so.
“My advice to you is to get on with it, because this time next year, if we haven’t found a way that you can live with, we will impose our will on you,” warned Judiciary Chairman Lindsey Graham (R-S.C.), who reversed his 2016 stance on encryption in his opening remarks.
Sen. Dick Durbin (D-Ill.), the upper chamber’s No. 2 Democrat, echoed Graham’s warning. The encryption debate is about whether to allow companies to be “beyond the reach of the law,” he said.
Durbin showed little patience for Silicon Valley’s argument that encryption protects ordinary Americans from hackers and repressive regimes that want to spy on users' communications. The Judiciary hearing was not about those threats, he said. “We’re talking about our government protecting our citizens” from crime.
Sen. Joni Ernst (R-Iowa) warned the tech-industry witnesses that if an encryption solution “doesn’t happen by you, it will happen by Congress.”
Tech companies need to “get your act together, or we will gladly get your act together for you,” said Sen. Marsha Blackburn (R-Tenn.), after noting the bipartisan frustration at the hearing.
At one point, the witness from Facebook began to caution that encryption was “a very complicated, technical ... . ”
Graham cut him off. “Well, it ain’t complicated for me,” he shot back.
The Justice Department has been arguing for years that tech companies are behaving irresponsibly by designing their products so that they cannot provide most user data to law enforcement. During both the Obama and Trump administrations, senior DOJ and FBI officials have lambasted the tech industry for its stance.
Former FBI Director James Comey used terrorism as the centerpiece of his argument about encryption, pointing to the 2015 terrorist attack in San Bernardino, Calif., as an illustration of how encryption hampered investigations.
This year, DOJ changed tactics and began focusing instead on how encryption complicates investigations of child sexual abuse. Tuesday’s hearing showed how effective that emotionally charged strategy has been in convincing senators that the encryption problem has been left to fester long enough.
“We really do need you folks to step up and really help us out in this area,” Ernst said. “Too much has gone on for way too long.”
Sen. Sheldon Whitehouse (D-R.I.) asked if Silicon Valley was prepared to accept liability for deaths that resulted from investigators’ inability to access encrypted data.
“You have to be willing to own up [to], and take responsibility for, the harm,” Whitehouse told the tech-industry witnesses.
“I don’t believe any company ought to be able to unilaterally decide whether to cooperate with law enforcement or not,” said Sen. John Cornyn (R-Texas). “Everybody needs to follow lawful court orders.”
The encryption hearing was billed as an examination of the technology’s “benefits and risks to public safety and privacy,” but few senators discussed encryption’s benefits or focused on the privacy and personal-security concerns that have animated activists for years.
The four witnesses at the hearing were Erik Neuenschwander, manager of user privacy at Apple; Jay Sullivan, the product management director for privacy and integrity at Facebook Messenger; Manhattan District Attorney Cyrus Vance, a longtime critic of warrant-proof encryption; and University of Texas at Austin cybersecurity fellow Matt Tait.
Vance urged Congress to regulate device encryption, often described as the protections for “data at rest” (as distinct from the encryption that apps such as Signal use to protect “data in motion”).
“Without moving toward legislation,” he warned, “we’re not going to solve this problem.”
Almost every senator, Republican and Democrat, praised Vance for his public service and lobbed him softball questions about the challenges that he and other local prosecutors faced because of encryption.
Their attitude toward Sullivan and Neuenschwander was not nearly as tame.
“It is troubling to me to hear you say that giving the key to law enforcement would cause a weakness in the device that would be a bad trade-off,” Blackburn said. “Catching criminals is never a bad trade-off.”
Blackburn accused Apple, Facebook, and their competitors of “shielding criminals.”
“Basically what you’re doing,” she said, “is creating a sanctuary cloud where these criminals say, ‘This is our safe harbor. This is our sanctuary.’”
The companies should change their approach and ensure they can share more data with investigators, Blackburn warned. “If you all can’t do that, we will do that. But there will be a cop on the beat.”
As of Tuesday, though, it seemed doubtful that the lawmakers’ blunt talk reflected real legislative opportunity.
A bill to ban warrant-proof encryption failed in early 2016, and no such legislation has been introduced since then. Congress is consumed by fights over government spending, trade policy and the impeachment of President Donald Trump and is unlikely to devote time to an esoteric issue that lacks political relevance. And Silicon Valley remains a powerful force in Washington, despite the controversies surrounding social media firms’ approach to combating disinformation and protecting user privacy.
The lone voice at the encryption hearing defending the tech companies was Sen. Mike Lee (R-Utah), who often finds himself at odds with his Republican colleagues on surveillance and privacy issues.
As the hearing concluded, Lee lamented seeing the conversation “descend into a contest over who loves children and who acts with reckless disregard for them.”
You can always tell that a conversation is “descending into a bad area” when people invoke extremes, Lee said.
Referring to cryptographic protections, he warned, “If we open these things up, there are consequences.”