When Congress passed the USA Freedom act and closed out the National Security Agency’s unwarranted data gathering the appropriate response was simple. Good riddance. The program, initiated under terms of Section 215 of the Patriot Act and revealed by Edward Snowden, lived outside lines originally drawn by the fourth amendment. Its value in preventing attacks was repeatedly questioned and eventually the White House relented. But with ISIS and al Qaeda still lurking, a string of attacks spanning from Paris to Jakarta, and the Obama administration under continuing criticism for both strategy and results big data is lurking again. The Paris attack helped resurrect the beast when unconfirmed reports circulated alleging that the perpetrators used encrypted devices to plan their assault. It also inspired a formerly reluctant president and his one-time Secretary of State to press Silicon Valley for a way in. The president dispatched some of his top aides to San Jose for closed-door meetings, Ms. Clinton praised their “extraordinary capacities” before she talked up the notion of a “Manhattan-like project” at a Democrat presidential debate. They’ve got allies, like John Kasich, on the other side of the aisle. “We have to give the local authorities the ability to penetrate and disrupt,” the Ohio governor said. “Encryption is a major problem and Congress has got to deal with it…to keep us safe.” The first half is sensible, the second is heading off the rails in search of an elusive boogeyman.
Kasich’s remarks fit a familiar narrative, one regularly deployed in the battle over metadata: safety. New Jersey Governor Chris Christie was playing the same card when he claimed intelligence agencies did not have “the funding and the tools…to keep America safe” before he blamed the USA Patriot Act. The standards it set up are worth noting in relation to Christie’s statement and the prospect of a legislative effort against encryption. The law took collection of telephone and internet data from the NSA, handed it to service providers, and allows law enforcement access if it can show proof of “reasonable suspicion.” The same standard should be applied to encryption, with an important caveat — the ability of either program to prevent attacks before they happen is dubious at best. A 2014 study by a White House working group had to admit as much when it found no evidence the NSA program was “essential to preventing attacks.” The program’s value was further undermined by the working group’s conclusion that what metadata did find could have been discovered via conventional court orders. Those findings are important now because ISIS is leading a change in terror tactics. They are broadening the field beyond the Middle East, but have shown less interest in highly-planned, spectacular attacks like the one that brought down the World Trade Center towers. The standard has shifted to attacks like San Bernardino or Philadelphia perpetrated by lone wolves.
In this environment, there is potential intelligence value in contact information and message content from known terrorists like Sayed Farook or Edward Archer. It could help law enforcement stay one step ahead of the next would-be jihadi. How much remains to be seen, but the quest for answers has reached Capitol Hill and brought forward two factions: one would use a court order to gain access to encrypted data; the other would gather representatives from technology firms, privacy advocates, academia, law enforcement, and intelligence agencies to brief Congress before it acts. “It’s not a bad idea,” Senator Dianne Feinstein noted. The Intelligence Committee’s ranking Democrat is still eager to move because “the terrorists are not going to go away,” so the lingering threat of a future attack remains. True. But there is reason for deliberation because the “back door” FBI Director James Comey has been dilligently seeking will not work the way he imagines. So say skeptics like Apple CEO Tim Cook who insists there is no way to leave “a key under the mat” for government agents to access encrypted data without simultaneously clearing the way for hackers and hostile foreign governments. This is not a matter for lawmakers or would-be presidents to simply brush aside for the sake of expediency; there is no more value in fighting terrorism by weakening internet security than there is in burning down a barn to smoke out a wolf.