We Can’t Make it Easier to Compromise our Data

Take a moment to think back on some of the biggest data breaches of the last five years: Sony Pictures. Office of Personnel Management. Target. Anthem. JPMorgan Chase. Last year alone, cyber criminals committed more than 781 data breaches and stole 164 million social security records. And as more data was digitized over the last decade, data breaches skyrocketed nearly 400 percent. 

The trend is clear: If bad actors want to access our data – whether it’s held by the federal government or private industry – they will look for ways to do so. So, why should we make it any easier for securely stored information to be compromised?

One good reason is to fight terrorism. Americans stand united that we should fight ISIS and their brethren with all available tools. This may be why the FBI chose to target Apple: After complaining for years about encrypted phones, the FBI finally found a case which tapped the public outrage over the San Bernadino shootings. And now we’re learning that the FBI has asked Apple to unlock nine more phones, confirming concerns this is not an isolated one off request.

In fact, given the exigency involving potential terrorism links, Apple should be applauded for doing everything in its power to cooperate with federal law enforcement to recover cloud data via the shooter’s smartphone.

We have to think long term. Is it better to create software which bad actors will likely obtain and exploit to compromise the security of our phones? That's why the Consumer Technology Association stands united with most in Silicon Valley in supporting Apple in its resistance to creating software which would allow anyone from getting the software to decrypt iPhones. The editorial boards of both the New York Times and the Wall Street Journal sided with Apple – a rare moment of editorial alignment that underscores the importance of this debate.

Through its demand, the FBI also appears to be asking Apple to design future products in a way that allows the government – and terrorists, cyber criminals and foreign governments – to break into them. This is a frightening government intrusion into the consumer technology ecosystem. There is no legal precedent for forcing a company to design software hacking its own products.

Of course, families of the San Bernardino victims want Apple to accede to the wishes of the FBI. And the threat of a larger terror cell at work demands a thorough investigation. But it’s a red herring to suggest or think this is the only way to get the information that law enforcement seeks from the iPhone of terrorists. If Apple gives in to the FBI’s demands, it would give foreign governments license to force Apple or other tech companies to do the same in less clear-cut situations.

In the San Bernardino case, law enforcement can access call logs, voicemails and texts without also being handed the technological wherewithal to compromise the privacy of the hundreds of millions of law-abiding iPhones users at the same time. And why must the hack in this case come from within? Security researchers and software developers alike have gone on the record saying the iPhone 5c at the heart of this debate can be decrypted without help from Apple.

By insisting Apple hack its own product, the government is asking that Apple create hacking software available to bad actors. For proof, look no further than the millions of sensitive government personnel records compromised recently – our government lacks the ability to keep anything absolutely secret.

If the government wants the authority to access private data in the interest of national security, investigators should turn to Congress, not industry. CTA is interested in the promising idea put forth by Rep. Michael McCaul (R-TX) and Sen. Mark Warner (D-VA) to convene a commission of technologists and law enforcement officials to explore how we can ensure national safety while also protecting the privacy of U.S. citizens.

In the absence of congressional action, however, Silicon Valley must protect and promote the duty tech companies have to their customers. That means making sure their customers’ data is secure. And they should be able to do this without fear of legal reprisal. CTA’s member companies work tirelessly to help deter crime and fight terrorism by cooperating with law enforcement officials, building security into their products, while continually enhancing it – and processing legal orders and requests for content and information.

With technology changing the ways we live our lives and contributing exponentially to our economy, consumers have come to rely on the security protections included in the devices and services they use every day for work, connection and entertainment. The U.S. government must respect Americans’ right to privacy as the amount of data we create, share and collect grows. Consumers should be able to trust that their personal data is legally protected, whether it’s stored or transmitted online or in their possession. That trust allows for continued innovation, which leads to economic growth and societal benefits.

Cybersecurity and privacy are co-joined. The role of government in data protection can and should be discussed and debated. But mandating a weakening of security standards will create vulnerabilities that could hurt all consumers, stifle innovation, and perhaps worst of all, shred the concept of personal privacy.

Granting government power to force companies to build back doors in their systems could open a Pandora’s Box – setting a troubling precedent and weakening security standards that could be exploited by the very people from whom our government seeks to protect us.