Apple, Microsoft Grapple with Feds Over Access to Customer Data
Federal authorities in the U.S. are continuing to press for access to encrypted or overseas data handled by companies such as Apple and Microsoft, while technology and civil rights advocates say such backdoors would worsen -- rather than protect -- online and offline security. The direction of that conversation could take a dramatic turn one way or the other with a federal appeals court hearing tomorrow on the Microsoft-Ireland case.
The case revolves around the efforts of the U.S. Department of Justice to obtain the contents of a MSN.com e-mail account in connection with a drug trafficking investigation. Microsoft contends the federal court order does not apply in overseas jurisdictions and therefore e-mail data stored on its servers in Ireland are exempt from the order.
Apple, too, has been the focus of efforts by U.S. officials to gain access to its customers' data. The New York Times reported yesterday that this summer Apple declined to comply with a Justice Department court order because the company said it couldn't access data sent by customers using its end-to-end encrypted iMessage system.
"The reality is that companies are encrypting data because doing that is good for security," said Gregory Nojeim, senior counsel at the Center for Democracy and Technology. Federal officials who insist otherwise are pursuing an "anti-cybersecurity agenda," Nojeim told us.
Including security backdoors for federal authorities "would undermine the ability of people to use the Internet with confidence that their communications are not being read by the bad guys," Nojeim said.
The outcome of tomorrow's hearing in a U.S. appeals court in New York could have far-reaching repercussions "for privacy, for the ability of U.S. firms to compete and for state sovereignty," Nojeim said.
If U.S. officials could access data held in facilities overseas, officials in other countries could argue for similar access to data in facilities in the U.S., privacy and security advocates warn. "Chinese firms already have plans to build facilities on American soil that would store electronic communications, so the question may be more than hypothetical," according to the New York Times.
'Bad Guys Will Still Encrypt'
Since the extent of U.S. spying on global communications was first revealed by former National Security Agency contractor and whistleblower Edward Snowden in 2013, the tug-of-war between national security and personal privacy/security concerns has shown little sign of ending.
Federal officials like FBI Director James Comey have warned that technology companies like Apple and Google endanger public safety by providing end-to-end encryption -- which means the companies themselves don't have the keys to decrypt customers' communications -- for their mobile operating systems. Apple CEO Tim Cook has said such arguments are "Incredibly dangerous."
"Removing encryption tools from our products altogether, as some in Washington would like us to do, would only hurt law-abiding citizens who rely on us to protect their data," Cook said earlier this year. "The bad guys will still encrypt; it's easy to do and readily available."
In May, Apple and Microsoft were among the many organizations and individuals to sign a letter asking President Barack Obama to reject efforts to undermine strong encryption technologies. The letter urged the president to follow the 2013 recommendations of a federal intelligence and communications review group that said the U.S. should not weaken encryption standards or collect and store mass amounts of individuals' personal information.