Google reaffirmed it’s plans to implement default encryption of users’ communications and data during a congressional hearing this week, despite ominous warnings from the FBI that it will impede criminal investigations and put national security at risk.
“We are working towards more encryption on our products and our services as part of a larger plan to make sure the data services we provide to our users are secure and that users can use our services knowing that the information they entrust to us is safe,” Google’s director of law enforcement and information security, Richard Salgado, told a Senate committee Wednesday.
While testifying on electronic privacy reforms before the Senate Judiciary Committee, Salgado said encryption would be a benefit to law enforcement in the long-term by preventing identity theft, fraud exposure and other online crimes before they can ever occur.
“There are lots of different ways to secure data besides encryption, but I think there’s pretty much a consensus inside the security community that encryption is a fundamental and critical way to protect users’ data from the very thieves, identity theft cases, privacy intrusions that law enforcement is interested in investigating,” Salgado said.
The testimony comes one week after FBI Director James Comey gave his most recent testimony to Congress on the issue of criminal and terror suspects “Going Dark,” or using encrypted services to communicate, undermining intelligence and law enforcement efforts to surveil and gather evidence.
Google and Apple are two of the biggest names to have announced default end-to-end encryption in the last year, which in Apple’s case, not even the company can decrypt. The iPhone maker has already refused a court order for communications in a pending investigation, citing iMessage’s encryption as the reason the company can’t comply.
“We work for the American people, we work with the tools that they give us through Congress. And so our job is to say, ‘Hey look, our tools are being eroded, and we’re not making it up,’” Comey told the House Intelligence Committee. “What has helped people, I think, in the ISIL threat, is to see we’re not making it up.”
Now the Obama administration itself may soon be on the side of Silicon Valley. White House officials have reportedly begun backing away from the call for legislation forcing companies to decrypt data for law enforcement, with some pushing President Obama to come out in support of strong encryption.
Officials in commerce, diplomatic, trade and technology agencies have spent the summer quietly urging Obama to issue a statement “strongly disavowing” a law mandating government access to encryption, and instead support its widespread adoption, according to documents and sources cited by The Washington Post.
The move would counter the narrative the U.S. is seeking to expand its surveillance powers, officials argue, and be a step toward regaining the trust of the global community in U.S. tech firms, many of which have suffered losses in trust — and therefore business — overseas in the wake of mass surveillance programs leaked by former National Security Agency contractor Edward Snowden.
Beyond undermining privacy and weakening security, tech companies argue a government key to unlock encryption would give Silicon Valley a competitive disadvantage abroad, where other competitors offer products with no government caveats.
Comey agued the nature of doing business in America means adhering to standards and values not shared by the rest of the world, and added he believes the tech community can find a solution — they just haven’t tried hard enough yet.
“I’ve heard from a lot of folks that it’s too hard, and my reaction to that is, really?” Comey said. “Have we really tried? When I look at the industry today, I see companies — I’m not going to name them here — major Internet service providers who are able to comply with court orders, because they strongly encrypt in transit, and they decrypt when it crosses their networks so they can read our emails so they can send us ads,” Comey said, hinting at Google’s business model.
“I’ve never heard anybody say those companies are fundamentally insecure, and fatally flawed from a security perspective.”