New York District Attorney Cyrus Vance advocated a congressional ban on cop-proof encryption, but legislation never got off the ground.
New York District Attorney Cyrus Vance has a message for the Trump administration as it puts its cybersecurity priorities in order: Listen to state and local officials on the front line.
Vance advocated extensively last year for Congress to create legislation to halt the advance of cop-proof encryption systems such as the encrypted iPhone used by San Bernardino shooter Syed Farook.
He argued in testimony before the Senate Armed Services Committee that Congress was essentially abandoning its responsibility to balance privacy and national security and delegating that authority to tech firms like Apple and Google.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Vance expects fights over such end-to-end encryption systems to return during the Trump administration and he’s hoping the Trump team will have his back in the fight.
“I absolutely don’t think the encryption debate is over,” Vance told Nextgov on the sidelines of the RSA cybersecurity conference in San Francisco on Thursday. “Whether we like it or not, there are going to be attacks … our inability to access devices is going to create circumstances the public is going to have to deal with.”
Though the San Bernardino case concerned a radicalized lone wolf shooter, warrant-proof devices could hold numerous pieces of evidence, ranging from clues to the whereabouts of a missing child to possibly exculpatory evidence in a criminal case, Vance said.
His office produced a 2015 report that advocated federal legislation barring companies from selling products that could not be accessed with a warrant.
Vance faulted the Obama administration for never taking a firm position in the encryption debate, either before or after the issue garnered national attention when Apple refused to comply with an FBI request to help it crack into Farook’s iPhone.
“In my conversations with senators in the last administration—I met with 35—there was a real frustration that the Obama administration had not, itself, come out with a proposal that those senators could use to essentially give them support, so that they could sign onto something that was supported by the administration,” he said. “My sense is that’s a political problem.”
Vance described himself as “hopeful” the Trump administration will take a firmer stand.
Former President Obama rejected what he called an “absolutist view” on encryption, but also appeared sympathetic to the arguments of tech firms and civil libertarians that weakening encryption would do more harm than good, effectively damaging cybersecurity for all Americans.
Any U.S. legislative efforts to weaken encryption would also do nothing to bar access to encrypted products produced in other nations.
Those arguments were persuasive for members of the House Judiciary and Energy and Commerce committees, which produced a joint report in December urging against weakening encryption. The report suggested workarounds, including training police to make better use of unencrypted metadata, such as time and date information, and helping police hack into encrypted devices by exploiting weaknesses in how criminals implement encryption.
Trump urged his Twitter followers to boycott Apple during its encryption fight with the FBI but has been mum about the topic since taking office.
Leaked drafts of a cybersecurity executive order the administration is contemplating don’t address the encryption debate.
More broadly, Vance said, he hopes the Trump administration will work more closely with state and local governments on cybersecurity, including helping to train local police in cyber forensics and to facilitate more information sharing about cyber threats.
Vance’s office was one of three early funders for the Global Cyber Alliance, which produces free cybersecurity tools and counts many local government organizations among its users.
“Honestly, I don’t think Obama got off the bench and into the game when it came to bringing state and local voices into cyber policy for the United States,” he said. “State and local government’s voice is not even sought as policy is set.”