GORDON CROVITZ- A PHONE UPGRADE FOR TERRORISTS?
It’s a good thing Najibullah Zazi didn’t have access to a modern iPhone or Android device a few years ago when he plotted to blow up New York City subway stations. He was caught because his email was tapped by intelligence agencies—a practice that Silicon Valley firms recently decided the U.S. government is no longer permitted.
Apple , Google, Facebook and others are playing with fire, or in the case of Zazi with a plot to blow up subway stations under Grand Central and Times Square on Sept. 11, 2009. An Afghanistan native living in the U.S., Zazi became a suspect when he used his unencrypted Yahoo email account to double-check with his al Qaeda handler in Pakistan about the precise chemical mix to complete his bombs. Zazi and his collaborators, identified through phone records, were arrested shortly after he sent an email announcing the imminent attacks: “The marriage is ready.”
The Zazi example (he pleaded guilty to conspiracy charges and awaits sentencing) highlights the risks that Silicon Valley firms are taking with their reputations by making it impossible for intelligence agencies or law enforcement to gain access to these communications. In September, marketers from Apple bragged of changes to its operating system so that it will not comply with judicial orders in national-security or criminal investigations.
“Unlike our competitors,” Apple announced, “it’s not technically feasible for us to respond to government warrants.” This encryption was quickly matched by Google and the WhatsApp messaging service owned by Facebook.
In a private meeting last month, Deputy Attorney General James Cole asked the general counsel of Apple why the company would want to market to criminals. As the Journal reported last week, Mr. Cole gave the hypothetical of the police announcing that they would have been able to rescue a murdered child if only they could have had access to the killer’s mobile device. Apple’s response was that the U.S. can always pass a law requiring companies to provide a way to gain access to communications under court orders.
Since then, U.S. and British officials have made numerous trips to Silicon Valley to explain the dangers. FBI Director James Comey gave a speech citing the case of a sex offender who lured a 12-year-old boy in Louisiana in 2010 using text messages, which were later obtained to get a murder conviction. “There should be no one in the U.S. above the law,” Mr. Comey said, “and also no places within the U.S. that are beyond the law.”
Robert Hannigan, the head of Britain’s electronic-intelligence agency, Government Communications Headquarters, warned in a Financial Times op-ed earlier this month: “However much they may dislike it,” Silicon Valley firms “have become the command-and-control networks of choice for terrorists and criminals.”
Even without terrorism attacks that could have been prevented, Mr. Hannigan said, he thought Internet users may be “ahead” of Silicon Valley: “They do not want the media platforms they use with their friends and families to facilitate murder or child abuse.”
It looks like Silicon Valley has misread public opinion. The initial media frenzy caused by the Edward Snowden leaks has been replaced by recognition that the National Security Agency is among the most lawyered agencies in the government. Contrary to initial media reports, the NSA does not listen willy-nilly to phone and email communications.
Last week, the Senate killed a bill once considered a sure thing. The bill would have created new barriers to the NSA obtaining phone metadata to connect the dots to identify terrorists and prevent their attacks. Phone companies, not the NSA, would have retained these records. There would have been greater risks of leaks of individual records. An unconstitutional privacy advocate would have been inserted into Foreign Intelligence Surveillance Court proceedings.
The lesson of the Snowden accusations is that citizens in a democracy make reasonable trade-offs between privacy and security once they have all the facts. As people realized that the rules-bound NSA poses little to no risk to their privacy, there was no reason to hamstring its operations. Likewise, law-abiding people know that there is little to no risk to their privacy when communications companies comply with U.S. court orders.
Finding no willingness by Silicon Valley to rethink its approach without being required by law, FBI Director Comey recently asked Congress to update the Communications Assistance for Law Enforcement Act of 1994. This requires traditional phone companies to comply with court orders to provide access to records. He wants the law updated to cover Apple, Google and other digital companies.
Silicon Valley firms should find ways to comply with U.S. court orders or expect Congress to order them to do so. They also shouldn’t be surprised if their customers think less of companies that go out of their way to market technical solutions to terrorists and criminals.
Comments are closed.