(Photo: McIek/Shutterstock.com)

Much of the debate around encryption and government’s access to encrypted data was guided by the FBI’s ultimately successful attempts to get access to an iPhone belonging to one of the perpetrators of the San Bernardino, California, mass shooting.

But as legal, privacy and law enforcement experts noted in the New York City Bar Association-sponsored panel, “The Battle over Data Encryption: Where Privacy, Business and Security Collide,” the complexities of encryption run deeper. And often, decisions on encryption require consideration of legislation, constitutional factors and the history of the practice of encryption.

Here are three key considerations in detangling the nuances of encryption:

1) The Move Towards Absolute Encryption

The modern debate over encryption has moved beyond just a discussion of the rights of government agencies in unlocking a consumer’s device, and towards whether such devices should be fitted with absolute encryption, a lock that not even the manufacturer can open.

Lawrence Byrne, deputy commissioner of legal matters at the New York City Police Department, noted that

some software markets are developing encryption “in a way that [companies] don’t have the technological ability to unlock the front door for you.” He calls this a “whole second-level of new devices,” that even with a court order, such locks are impenetrable.

Byrne noted this is an example of “technology advancement [that] has far outstripped ability for court or law systems” to handle, and that encryption should not become a barrier to a legal access. “What we are talking about here is law enforcement’s ability to access data pursuant to a court order,” he said. “We’re not spying on people.”

But Alexander Southwell, partner and co-chair of the privacy, cybersecurity and consumer protection practice group at Gibson, Dunn & Crutcher, said that companies aren’t intending to complicate prosecutions or legal orders, but were instead aiming to protect users from cybercriminals who are constantly trying to access their devices.

Judith Germano, principal at Germano Law and senior fellow on cybersecurity and adjunct professor of law at New York University School of Law, added that one cannot fully understand this trend outside of the context of ex-National Security Agency contractor Edward Snowden’s disclosure of U.S. government online surveillance.

“Citizens are thinking the government is listening to all my phone calls,” even though that’s not entirely accurate, she said. And there is “this perception among companies,” Germano added, “that if they’re seen as too comfortable with the government,” they are abetting in unwarranted surveillance.

2) FISA’s Role in Encryption

The move towards absolute encryption could not be fully explained without also understanding how the Foreign Intelligence Surveillance Act (FISA) may have driven phone manufacturers towards the practice in the first place.

Byrne noted the debate around encryption is actually far older than many realize, as there were issues with companies encrypting voice calls over some of first manufactured cellphones. To address these concerns, Congress passed the FISA in 1994, which Byrne said allowed the FBI and law authorities to keep pace with technology by mandating “technical assistance” from the device manufacturer or telecommunications carrier to unlock a device or intercept data pursuant to a court order.

Yet “interestingly, what that law said in 1994 in the encryption subsection was that a telecommunications carrier should not be responsible for decrypting or ensuring the government’s ability to decrypt” unless both the ability to encrypt and decrypt was first provided by the carrier, Byrne said.

Essentially then, in creating absolute encryption, technology companies are telling law enforcement “we no longer have the ability to de-encrypt and [therefore] we don’t have to abide by your court order,” he added.

To address this loophole in the FISA, Byrne advocated for “federal legislation like we had in 1994 to allow law enforcement and intelligence agencies to lawfully keep pace with the pace of technological development.”

3) The Fourth Amendment: The Overlooked Balance?

For Saritha Komatireddy, assistant U.S. attorney for the Eastern District of New York, the way the encryption debate is framed “as a battle between security and privacy” may be a little misdirected.

“My view is that the balance has already been struck,” she said, explaining that “people have always had very private information that they want to keep safe in the safest private form,” and under the Fourth Amendment, law enforcement or government entities could not infringe on that right without probable cause related to an investigation and a warrant. “So we already have this constitutionally struck balance.”

What Komatireddy sees as different about such balance today is that “we have a situation where those private things are now held on a device that is ubiquitous in everyone’s hands, and holds a huge amount of data” that is readily accessible.

But even these devices, she explained, are still protected under the Fourth Amendment against unreasonable searches, as the 2013 Supreme Court decision in Riley v. California ruled that police may not search an arrested person’s cellphone without a warrant.

The debate now, she advised, should be “whether there should be parts of society that are complete black boxes, beyond the reach of lawful processes and therefore beyond the reach of law.”

Much of the debate around encryption and government’s access to encrypted data was guided by the FBI’s ultimately successful attempts to get access to an iPhone belonging to one of the perpetrators of the San Bernardino, California, mass shooting.

But as legal, privacy and law enforcement experts noted in the New York City Bar Association-sponsored panel, “The Battle over Data Encryption: Where Privacy, Business and Security Collide,” the complexities of encryption run deeper. And often, decisions on encryption require consideration of legislation, constitutional factors and the history of the practice of encryption.

Here are three key considerations in detangling the nuances of encryption:

1) The Move Towards Absolute Encryption

The modern debate over encryption has moved beyond just a discussion of the rights of government agencies in unlocking a consumer’s device, and towards whether such devices should be fitted with absolute encryption, a lock that not even the manufacturer can open.

Lawrence Byrne, deputy commissioner of legal matters at the New York City Police Department, noted that

some software markets are developing encryption “in a way that [companies] don’t have the technological ability to unlock the front door for you.” He calls this a “whole second-level of new devices,” that even with a court order, such locks are impenetrable.

Byrne noted this is an example of “technology advancement [that] has far outstripped ability for court or law systems” to handle, and that encryption should not become a barrier to a legal access. “What we are talking about here is law enforcement’s ability to access data pursuant to a court order,” he said. “We’re not spying on people.”

But Alexander Southwell, partner and co-chair of the privacy, cybersecurity and consumer protection practice group at Gibson, Dunn & Crutcher , said that companies aren’t intending to complicate prosecutions or legal orders, but were instead aiming to protect users from cybercriminals who are constantly trying to access their devices.

Judith Germano, principal at Germano Law and senior fellow on cybersecurity and adjunct professor of law at New York University School of Law , added that one cannot fully understand this trend outside of the context of ex-National Security Agency contractor Edward Snowden’s disclosure of U.S. government online surveillance.

“Citizens are thinking the government is listening to all my phone calls,” even though that’s not entirely accurate, she said. And there is “this perception among companies,” Germano added, “that if they’re seen as too comfortable with the government,” they are abetting in unwarranted surveillance.

2) FISA’s Role in Encryption

The move towards absolute encryption could not be fully explained without also understanding how the Foreign Intelligence Surveillance Act (FISA) may have driven phone manufacturers towards the practice in the first place.

Byrne noted the debate around encryption is actually far older than many realize, as there were issues with companies encrypting voice calls over some of first manufactured cellphones. To address these concerns, Congress passed the FISA in 1994, which Byrne said allowed the FBI and law authorities to keep pace with technology by mandating “technical assistance” from the device manufacturer or telecommunications carrier to unlock a device or intercept data pursuant to a court order.

Yet “interestingly, what that law said in 1994 in the encryption subsection was that a telecommunications carrier should not be responsible for decrypting or ensuring the government’s ability to decrypt” unless both the ability to encrypt and decrypt was first provided by the carrier, Byrne said.

Essentially then, in creating absolute encryption, technology companies are telling law enforcement “we no longer have the ability to de-encrypt and [therefore] we don’t have to abide by your court order,” he added.

To address this loophole in the FISA, Byrne advocated for “federal legislation like we had in 1994 to allow law enforcement and intelligence agencies to lawfully keep pace with the pace of technological development.”

3) The Fourth Amendment: The Overlooked Balance?

For Saritha Komatireddy, assistant U.S. attorney for the Eastern District of New York , the way the encryption debate is framed “as a battle between security and privacy” may be a little misdirected.

“My view is that the balance has already been struck,” she said, explaining that “people have always had very private information that they want to keep safe in the safest private form,” and under the Fourth Amendment, law enforcement or government entities could not infringe on that right without probable cause related to an investigation and a warrant. “So we already have this constitutionally struck balance.”

What Komatireddy sees as different about such balance today is that “we have a situation where those private things are now held on a device that is ubiquitous in everyone’s hands, and holds a huge amount of data” that is readily accessible.

But even these devices, she explained, are still protected under the Fourth Amendment against unreasonable searches, as the 2013 Supreme Court decision in Riley v. California ruled that police may not search an arrested person’s cellphone without a warrant.

The debate now, she advised, should be “whether there should be parts of society that are complete black boxes, beyond the reach of lawful processes and therefore beyond the reach of law.”