Will AG Barr succeed in his fight to empower the U.S. government with the ability to break strong encryption against tech companies?
U.S. Attorney General Bill Barr once again is decrying the fact that tech companies are proposing strong security standards for data at rest and data in transmission. By using encryption to protect data, the nation’s chief law enforcement official explains, companies will enable terrorists, pedophiles and mass murderers to communicate without fear that government officials, armed with warrants, will be able to listen in on their communications, read their emails and direct messages and discover the contents of their cloud applications and hardware devices. It’s time to empower law enforcement to break strong encryption—of course, with a warrant. Because, in the same breath, Barr also decries what he calls systematic abuse of the warrant application process through multiple layers of the FBI and U.S. Department of Justice (DoJ), through two political administrations, in one of the most sensitive and highly regulated and supervised criminal and national security investigations.
Trust us. We’re the FBI.
AG Barr added another arrow in his quiver to attempt to compel tech companies to comply with his demand that they make the internet less secure: removing their immunity. Section 230 of the Communications Decency Act (CDA) provides that “carriers” of information are not “publishers” of that information when posted by third parties. There are good and bad consequences to this policy decision. The good is that tech giants are not required to read and censor every internet posting, every instant message or direct message, every comment and every website. It means a more free and open sharing of opinions and a more free and open internet in general. The bad is that tech giants are not required to read and censor every internet posting. It means that individuals defamed or injured by such postings, who suffer loss of reputation or who are doxed or stalked online, who are victims of revenge porn, fake news or trolling attacks have little recourse both against the tech companies that disseminate and “broadcast” (in the general sense of making available to the public) the injurious content and against the actual creator or poster of the content, who can generally hide behind various legal and technological shields of anonymity.
Section 230 immunity is a great boon to tech giants who want the benefits of collecting massive amounts of information from individuals about their use of these services without the muss and fuss of having to police the trolls. That’s someone else’s problem.
So now the DoJ and Congress are threatening to remove Section 230 immunity (or to limit it in some fashion). Among the “concessions” the administration wants is for the tech giants to give some additional leeway to law enforcement and the intel community on the issue of data encryption. “Dat’s a nice little free and open internet youze got there … it would be a shame should sumthing happen to it …”
Both Section 230 and the so-called “going dark” problem present nuanced and difficult public policy choices. Weaken encryption to go after child molesters and you invite more hacking of banking systems, less privacy and more abuse even by law enforcement and the intel community. Make crypto unbreakable and you destroy accountability—sort of. Give absolute 230 immunity and there’s little incentive to create safe spaces on the internet or to provide information from which users can be held accountable for their actions. Remove immunity and the quantity and quality and openness of the internet is destroyed. Conflate the two policies and the problems are exponentially more difficult to solve.
I have written on the “going dark” problem many times before, and I am firmly in the camp of a stronger, safer and more secure internet without back doors for one government or another. The perception that the Huawei technology behind our 5G backbone is riddled with actual or potential back doors was enough for Congress and the FCC to demand that the infrastructure be ripped out root and stem. Imagine the international reaction if such “back doors” were perceived to be an integral part of communications, telecom and OSes? Not pretty.
There are plenty of reasons and ways to regulate big tech. These may not be the best ones.
