All Americans – including both company executives and law enforcement officials across the nation – want to keep our country safe and secure. This shouldn’t be a shocking statement, but so often we hear the debates around encryption, privacy, and data security framed as a battle between law enforcement or intelligence agencies and tech innovators in Silicon Valley. This doesn’t need to be the case. Starting with the shared commitment to individual liberty, including freedom from harm, I believe we can chart a path forward that improves privacy and data security while keeping all of us safer from physical threats.
In our data-driven, hyper-connected world, the truth is that tech companies and law enforcement work closely together on a daily basis to address an array of crimes. They do so within the American legal system that is predicated on the need for a warrant to access information and the right of individuals to their privacy. Despite claims from some in the intelligence community that systems and criminals are “going dark,” we actually live in an age where targeted, informed surveillance for law enforcement purposes is more possible – and more pervasive – than ever.
As we prepare for a new Administration and a different Congress to take office, there is plenty of room for progress on shaping a clear and just framework for law enforcement access to personal data.
However, we need to take one thing off the table if we truly want to find common ground: companies cannot be asked to compromise encryption. Strong and widespread encryption has advanced privacy and security more than any other development in the last decade. The ability to protect our communications is essential to maintaining trust in our computing devices and the digital infrastructure that supports them. Strong encryption is also essential to national security, protecting us from dangerous hacks and cyberattacks by malicious actors.
Encryption is here to stay, and it’s critical to our safety and our ability to compete in the global marketplace. It’s time to move forward with solutions that support strong data security while enabling law enforcement agencies to carry out lawful investigations into crime and terrorism.
Now let’s talk progress. Initially, we need more top tech talent in government and law enforcement nationally and locally. New technologies create novel legal issues, and it’s difficult for the law to keep up with the staggering pace of technological development. The government and law enforcement need technical training and skilled engineers at all levels to adapt and operate in the modern landscape.
Hiring, retaining, and cultivating technical talent in the government has been challenging. It is difficult for the government to compete with the salaries and culture offered by modern tech companies. The current administration has begun to tackle the tech pipeline problem with programs like the Presidential Innovation Fellows, but long-term, holistic solutions are needed. The next administration will need to recruit tech talent across all agencies, and Silicon Valley should work with them to do this.
Next, data is mobile, and modern criminal investigations often require access to data stored in other countries. The current process for accessing data stored abroad—Mutual Legal Assistance Treaties (MLATs)—is cumbersome and can incentivize bad data policies, such as data localization mandates and efforts to seize data across national borders. Reforming this process is another area both tech companies and the government can work to address.
Law enforcement needs an efficient mechanism for accessing data stored abroad with a warrant or court order. The Department of Justice has proposed a bill that would allow for bilateral agreements to facilitate these orders, but the proposal lacks important privacy and human rights protections. New legislation should allow cross-border data collection only if the orders, and the foreign government’s laws and policies, meet strong privacy and human rights standards. Legislation should also close the loophole that allows companies complete discretion to voluntarily disclose their users’ metadata to foreign governments.
Lastly, Silicon Valley and law enforcement can also work together to address cybersecurity in innovative ways, including government hacking and cybersecurity research. To do so, two major issues must be addressed. First, the FBI will soon have expanded power to remotely hack into digital devices. A proposed change to the Federal Rules of Criminal Procedure will allow magistrates, under certain circumstances, to issue warrants for the remote hacking and searching of devices anywhere in the world. This change, set to take effect Dec. 1, 2016, could set a dangerous precedent and expose innocent people to remote searches. Government hacking is becoming more common, and Congress, Silicon Valley, and law enforcement must work together to establish limits that safeguard users from unjustified remote searches and maintain data security.
Second, cybersecurity research is essential to a future of increased data security. Ambiguity in the law that prohibits computer crimes – the Computer Fraud and Abuse Act (CFAA) – inhibits this research to the detriment of tech and other companies, and can thereby enable the very crimes the law is designed to punish. Silicon Valley and law enforcement have a common interest in clarifying CFAA to promote security research.
There are certainly many areas where Silicon Valley, law enforcement, and the government can collaborate to find workable, practical approaches to keeping our nation secure while protecting the rights of citizens. Starting from the shared commitment to American values, there is plenty of room for progress. Let’s not get distracted by calls to weaken encryption; rather, let’s focus on areas where policy reform is needed and forward progress, together, is achievable. All of these solutions require us to harness our country’s best talent and realize the full potential of technological innovation in the public and private sectors.
