Two Consequences of a New Encryption Bill
By: Sawyer Williams
April 14th, 2016
The Senate Intelligence Committee released a draft of its hotly anticipated encryption bill on Wednesday. The legislation, authored by Chairman Richard Burr (R- NC) and ranking member Dianne Feinstein (D-CA), would force companies who offer encrypted services to their customers to also provide technical assistance to federal investigators who legally request such data. According to The Hill, “[t]he move is a response to concerns that criminals are increasingly using encrypted technology to hide from authorities.”
This of course follows on the heels of the very public debate about encryption between Apple and the Department of Justice, where Apple refused to provide the FBI with assistance in attempting to unlock an iPhone used by one of the suspects in the San Bernardino shooting.
One interesting ramification of increasing encryption on cell phones, i.e. encryption that can prevent a search even when it is conducted pursuant to a warrant, is that it could very well cause the Courts to empower the federal government’s ability to search unlocked cell phones under the search incident to a lawful arrest doctrine. This ability was severely limited in Riley v. California because the Court found that the two-prong Chimel rationale of protecting the officer and preventing the destruction of evidence was absent once an arrestee’s cell phone is seized. But where the locking of a cell phone has the potential to disappear evidence forever, suddenly the second prong the Chimel rationale – the one about preventing the destruction of evidence – is absolutely on point. Thus, if police officers apprehend a suspect and his or her phone happens to be unlocked, they may at least tamper with the phone’s settings to prevent its locking. Can they search the entire phone? Maybe not. Still, in my mind it’s a dangerous expansion (in privacy terms) of a doctrine that allows warrantless searches.
The Senate bill is designed to combat this kind of encryption by increasing the costs of its implementation. For example, were a company to encrypt its services such that the government is completely foreclosed from any of its customer data, the bill still requires the company to provide “technical assistance” to the government after a legal request. That could translate to valuable engineering time or even access to the company’s entire source code. Furthermore, whatever goodwill the company hoped to accrue by providing the encryption to its customers is tarnished as a result of this mandatory association with the government. How highly will customers value encryption where every company is in cahoots with the government?
I already explained one less obvious benefit of the bill: it avoids or disincentives recourse to less savory but still legal means of searching cell phones, such as the search incident to a lawful arrest doctrine. It actually incentivizes the police to get a warrant (or a subpoena at the very least). If they get a warrant, they are rewarded with the help of the company.
However, there is a costly downside to the proposed legislation. Encryption is not only (or even mostly) about keeping our government out, it’s also about keeping malicious hackers at bay, or preventing snooping foreign governments. And it’s about the furtherance of valuable technology with multifaceted benefits. Think about bitcoin and its possibility as an example, all due to cryptography. The legislation from the Senate Intelligence Committee will add enormous costs to the research and development of encryption methods, because it effectively places a ceiling above which encrypted services cannot be implemented unless providers are willing to bear the direct and indirect costs of government cooperation. Encryption is much too valuable for society to impose this kind of blunt prophylactic.