Governments may be the main threat to big tech companies’ current approach to encryption, but there is another, more surprising threat: their own business interests. The techno-libertarians’ absolutist rejection of lawful access has never been tenable in a commercial context. Barr lambasted Silicon Valley for claiming that government access to consumer devices was never acceptable, even for a purpose as critical as stopping terror attacks, while insisting that its companies had to have access to all their customers’ devices for the purpose of sending them security updates (and, in Apple’s case, promotional copies of unwanted U2 albums). What’s more, Big Tech’s best customers—that is, businesses—don’t want unbreakable end-to-end communications direct to the end user. That encrypted pipe makes it impossible to find and stop malware as it comes in and stolen intellectual property as it goes out. It also thwarts a host of regulatory compliance mandates. So, pace the absolutists, tech companies have found ways to ensure that their business customers can compromise end-to-end security.
And there is this:
…I believe the tech companies are slowly losing the battle over encryption. They’ve been able to bottle up legislation in the United States, where the tech lobby represents a domestic industry producing millions of jobs and trillions in personal wealth. But they have not been strong enough to stop the Justice Department from campaigning for lawful access. And now the department is unabashedly encouraging other countries to keep circling the tech industry, biting off more and more in the form of law enforcement mandates. That’s a lot easier in countries where Silicon Valley is seen as an alien and often hostile force, casually destroying domestic industries and mores.
The Justice Department has learned from its time on the receiving end of such an indirect approach to tech regulation. It has struggled for 30 years against a European campaign to use privacy regulation to prevent tech companies from giving the U.S. government easy access to personal data. But as the tide of opinion turned against U.S. tech companies around the world, the EU was able to impose billions in fines on them in the name of privacy. Soon it really didn’t matter that these companies’ data practices weren’t regulated at home. They had to comply with Europe’s General Data Protection Regulation. And once they accepted that, their will to lobby against similar legislation in the United States was broken. That’s why California—and perhaps the federal government—is inching closer to enacting a privacy law that resembles Europe’s.
Here is the full Stewart Baker post, interesting throughout.