Lawmakers on Tuesday threatened to pass litigation that would force technology companies to provide court-ordered access to encrypted devices and messages unless the businesses can come up with a solution.
"You're going to find a way to do this or we're going to do this for you," Lindsey Graham, R-SC, chairman of the Senate Judiciary Committee, told representatives from Apple and Facebook, during their testimony.
The company representatives were joined by Manhattan District Attorney Cyrus Vance and Matt Tait, a cybersecurity fellow at the University of Texas at Austin, to discuss encryption and lawful access. Tech companies and government agencies are at odds over how to handle encryption in a world where criminals, like the rest of us, are spending more time on their smartphones and other gadgets.
Law enforcement officials argue that encryption keeps them from accessing criminals' devices, even under a court order or after death, and prevents them from detecting internet-based crimes like sharing images of child exploitation. For tech companies, the focus remains protecting user privacy, and they say that creating a key or "backdoor" into the devices or messages makes the system vulnerable to malicious actors.
Tait testified that while technology companies have the capability to develop an improved encryption system, they don't have the incentives. With respect to device encryption, which is how Apple prevents access to phones without a correct passcode or fingerprint, Tait said any system that allows for lawful access would instantly be attacked. But if Congress required companies to provide access under court order, companies like Google and Apple would be forced to build a compliant solution "in the most secure way possible."
Facebook faces a different issue because it doesn't make the devices that are used to send messages over its services. Facebook is working on integrating its three messaging products and encrypting them from end to end, a plan that's raised alarm from the highest ranks of the law enforcement community.
Attorney General William Barr asked CEO Mark Zuckerberg in October to hold off on the encryption plans until officials could ensure it would not hurt public safety. Facebook responded to that letter in a message dated Monday, saying they don't plan to weaken encryption to allow for law enforcement access in the name of public safety.
The encryption debate between government and industry has been ongoing since 2015, in the wake of the mass shooting in San Bernadino, California. Apple fought the FBI on its request to help it unlock the shooter's phone, and CEO Tim Cook called the order "dangerous," arguing that it could set a precedent for future government overreach or company surveillance.
In that case, the Justice Department ultimately said it was able to access the phone's data on its own. But Vance said that outcome is as likely as tossing a coin.
Since Apple released iOS 8 in 2014 with greater security features that made it harder for law enforcement to access technology, Vance said his office has received a growing percentage of locked Apple devices in criminal investigations. He said his office is able to unlock about half of those with the help of third-party vendors, but warned that the work can be "cost-prohibitive."
Sen. Marsha Blackburn, R-Tenn, said at Tuesday's hearing that by preventing law enforcement from accessing devices, companies are creating a "safe harbor" for criminals.
"That is why on a bipartisan basis you're hearing us say we've slapped your hand enough and you all have got to get your act together or we will gladly get your act together for you," Blackburn said.
Sen. Joni Ernst, R-Iowa, echoed that sentiment, telling the executives that, "I think you'd rather find the solution than have Congress do it for you."