Tech Companies Tangle With U.S. Over Data Access
Apple and Other Tech Companies Tangle With U.S. Over Data Access
By MATT APUZZO, DAVID E. SANGER and MICHAEL S. SCHMIDT SEPT. 7, 2015
Companies like Apple say they are protecting their customers’ information by resisting government demands for access to text messages. A standoff has grown between the sides as the companies have embraced tougher encryption.
WASHINGTON — In an investigation involving guns and drugs, the Justice Department obtained a court order this summer demanding that Apple turn over, in real time, text messages between suspects using iPhones.
Apple’s response: Its iMessage system was encrypted and the company could not comply.
Government officials had warned for months that this type of standoff was inevitable as technology companies like Apple and Google embraced tougher encryption. The case, coming after several others in which similar requests were rebuffed, prompted some senior Justice Department and F.B.I. officials to advocate taking Apple to court, several current and former law enforcement officials said.
While that prospect has been shelved for now, the Justice Department is engaged in a court dispute with another tech company, Microsoft. The case, which goes before a federal appeals court in New York on Wednesday and is being closely watched by industry officials and civil liberties advocates, began when the company refused to comply with a warrant in December 2013 for emails from a drug trafficking suspect. Microsoft said federal officials would have to get an order from an Irish court, because the emails were stored on servers in Dublin.
The conflicts with Apple and Microsoft reflect heightened corporate resistance, in the post-Edward J. Snowden era, by American technology companies intent on demonstrating that they are trying to protect customer information.
“It’s become all wrapped up in Snowden and privacy issues,” said George J. Terwilliger III, a lawyer who represents technology companies and as a Justice Department official two decades ago faced the challenge of how to wiretap phone networks that were becoming more digital.
President Obama has charged White House, Homeland Security and cybersecurity officials, along with those at the Justice Department, the F.B.I. and the intelligence agencies, with proposing solutions to the technology access issue. They are still hashing out their differences, according to law enforcement and administration officials.
Some Justice and F.B.I. officials have been frustrated that the White House has not moved more quickly or been more outspoken in the public relations fight that the tech companies appear to be winning, the law enforcement officials said, speaking on the condition of anonymity because they were not authorized to discuss the private conversations.
The White House, after months of study, has yet to articulate a public response to the argument that a victory in the Microsoft case would provide authoritarian governments, particularly those of China and Russia, with a way to get access into computer servers located in the United States.
“Clearly, if the U.S. government wins, the door is open for other governments to reach into data centers in the U.S.,” Brad Smith, Microsoft’s general counsel, said in a recent interview. Companies and civil liberties groups have been sending in briefs of their own, largely opposing the government’s surveillance powers.
Tensions between American technology leaders and the government over access are hardly new: The Clinton administration was forced to abandon plans to require technology manufacturers to build a small “clipper chip” into their hardware systems to allow the government to unlock encrypted communications.
Still, the nation’s phone companies ultimately supported legislation requiring them to build access points into their digital networks so they could comply with legal wiretap orders. (Tech companies like Apple and Google are not telecommunications firms and not covered by the wiretap law.)
The politics today are far different. Stung by Mr. Snowden’s revelations about how the National Security Agency had secretly breached company networks — often without the companies’ knowledge — Apple, Google and Microsoft are working to reassure customers around the world that they are fighting efforts to give the United States government access to their communications.
The businesses say they are seeing greater demand than ever for built-in encryption — including the new operating system Apple introduced last year for the iPhone, which James B. Comey, the F.B.I. director, and other government officials have denounced as endangering efforts to thwart criminals and terrorists.
“It’s important that we do not let these technological innovations undermine our ability to protect the community from significant national security and public safety challenges,” Sally Q. Yates, the deputy attorney general, told Congress this summer.
At issue are two types of encoding. The first is end-to-end encryption, which Apple uses in its iMessage system and FaceTime, the video conversation system. Companies like Open Whisper Systems, the maker of Signal, and WhatsApp have adopted such encryption for stand-alone apps, which are of particular concern to counterterrorism investigators.
With Apple, the encryption and decryption are done by the phones at either end of the conversation; Apple does not keep copies of the message unless one of the users loads it into iCloud, where it is not encrypted. (In the drug and gun investigation this summer, Apple eventually turned over some stored iCloud messages. While they were not the real-time texts the government most wanted, officials said they saw it as a sign of cooperation.)
The second type of encoding involves sophisticated encryption software on Apple and Android phones, which makes it all but impossible for anyone except the user of the phone to open stored content — pictures, contacts, saved text messages and more — without an access code. The F.B.I. and local authorities oppose the technology, saying it put them at risk of “going dark” on communications between terrorists and about criminal activity on city streets. The American military is more divided on the issue, depending on the mission.
The Justice Department wants Apple and other companies that use end-to-end encryption to comply with the same kind of wiretap orders as phone companies. Justice and some former law enforcement officials argue that consumers want investigators to have the ability to
“If you ask about wiretap functionality in the broad privacy context, you get one answer,” Mr. Terwilliger said. “If you ask it in the context of a guy with a loose nuke, or some kind of device, you get a different answer.”
Officials say a court fight with Apple is still an option, though they acknowledge it would be a long shot. Some object that a legal battle would make it harder for the companies to compromise, the law enforcement officials said. They added that Apple and other companies had privately expressed willingness to find common ground.
Apple declined to comment on the case for this article. But company officials have argued publicly that the access the government wants could be exploited by hackers and endanger privacy.
“There’s another attack on our civil liberties that we see heating up every day — it’s the battle over encryption,” Timothy D. Cook, the company’s chief executive, told a conference on electronic privacy this year. “We think this is incredibly dangerous.”
Echoing the arguments of industry experts, he added, “If you put a key under the mat for the cops, a burglar can find it, too.” If criminals or countries “know there’s a key hidden somewhere, they won’t stop until they find it,” he concluded.
The Microsoft case centers on whether the fact that data is stored around the world relieves American firms of turning it over. The government, which won in Federal District Court, has argued in its brief to the appeals court that where the data is stored is irrelevant because the company still has control of email records. The White House declined to comment because the case is in litigation.
“People want to know what law will be applied to their data,” Mr. Smith of Microsoft said. “French want their rights under French law, and Brazilians under Brazilian law. What is the U.S. government going to do when other governments reach into the U.S. data centers, without notifying the U.S. government?”
Chinese firms already have plans to build facilities on American soil that would store electronic communications, so the question may be more than hypothetical. In its brief, Microsoft argues that Congress will ultimately have to weigh in on the issue, since it is as much a political matter as a legal one: “Only Congress has the institutional competence and constitutional authority to balance law enforcement needs against our nation’s sovereignty, the privacy of its citizens and the competitiveness of its industry.”
A version of this article appears in print on September 8, 2015, on page A1 of the New York edition with the headline: Tech Companies Tangle With U.S. Over Data Access.