Feedback
Tech

Tech Giants Don’t Budge as Lawmakers Push Weakened Encryption

Encrypted Data: Simple Idea, Complex Math 1:41

The terror attacks in Paris, Beirut and Mali have renewed the debate around encryption inside the Beltway, much to the chagrin of America's biggest tech companies. The two sides are expected to reconvene after Thanksgiving to publicly hash out the issues now under discussion behind closed doors.

At the heart of the debate is just how much information the tech firms — including Alphabet, Apple, Facebook, Oracle and Microsoft — can be required to hand over to U.S. intelligence and law enforcement agencies.

So far, little evidence as to the preferred methods of communication employed by the terrorists behind those attacks has been made public.

That's not stopping Republicans and Democrats from renewing calls for agencies to be given access to encrypted data held by tech companies, perhaps via so-called back doors with keys that allow them to more quickly obtain information about suspected terrorists, all in the name of in the name of protecting Americans.

Read More from CNBC: Former Anonymous Hacker: Block ISIS Recruitment First

"In the absence of real information, they started blaming [former NSA contractor Edward] Snowden and encryption for the attacks in Paris," said a U.S. tech industry representative who asked not to be identified by name. "It's a complete red herring, but it is something that, in the absence of any real facts, seems plausible, at least to reporters who don't cover tech."

This view is almost universal in the tech community.

"It's impossible to end encryption. You would be eliminating commerce on the Internet," said Alex Salazar, co-founder and CEO of cybersecurity start-up Stormpath. "You can't do logins, credit card transactions, health care, really anything that is sensitive."

Gartner analyst Jay Heiser said: "If encryption had been allowed to take its natural course of development, our citizens and consumers would be much better protected today. People who have been in cybersecurity for a couple decades are painfully aware of this history, and don't want to see it repeated."

Beyond the privacy and technological feasibility arguments, a big reason companies like Apple strongly oppose giving U.S. authorities the keys to the kingdom is, of course, that most of their customers are not in the U.S.

Seventy-two percent of Apple's revenue comes from overseas, 57 percent of Alphabet and Facebook's revenues are generated outside the U.S. and more than 54 percent of Microsoft and Oracle's revenue comes from international customers, according to those companies' earnings reports.

Read More from CNBC: Calls Grow for Government 'Back Door' to Encryption

"You have tech companies out there that are trying to do the right thing, and it's because it's good for business for them. It draws in consumers, it draws in companies that are worried about these things, and so, there is that kind of balance," said Adam Ely, a cybersecurity industry veteran and co-founder of mobile security start-up Bluebox.

The tech giants are in a tough spot. They must walk a fine line between being sensitive to the increasingly politicized discussion around encryption, while at the same time protect users, customers and shareholder interests.

None of the companies would comment on the record for this story, but privately many characterized the debate inside the Beltway as nothing but political theater that will result in little if any change. "Over the next couple of weeks, there will be more pressure, but I think when people sit down and examine it, they will end up in the same place that they did over the summer," said a tech representative based in D.C. (Google confirmed that a coalition of tech companies have met with government officials.)

Others suggest there may be a middle ground.

"At the end of the day both sides — they may not be 100 percent satisfied, but I do think they're going to walk away with something that they can live with," said Brian Finch, a cybersecurity lobbyist and partner at Pillsbury Winthrop Shaw Pittman.

Hacker Group Anonymous Declares War on ISIS 1:54

"The debate is so heated right now that we're not necessarily aware of all the options," said Finch. "I don't know that there has been an opportunity to really sit down in a neutral environment, in a dispassionate environment and really talk about all the ways that you could get to the encrypted information without providing a back door."

Finch lobbies for security and malware firm FireEye, among others, and represents a number of companies on cybersecurity issues, particularly as they relate to Cybersecurity Information Sharing Act.

Cybersecurity start-ups are also weighing in, suggesting new technology could help provide new, more palatable, solutions.

"They really should have just evolved faster in just understanding signal intelligence, understanding patterns of communication," said Ely. "Looking for that pattern, using pattern recognition or looking for those anomalies actually tells you a lot more than seeing what I am texting my girlfriend for dinner."

Said Salazar: "It's always shocking how much data is out there. Even above and beyond this encrypted data. I am always surprised by some data scientists' ability to discover a signal in the noise."

Read More from CNBC: What Can Anonymous Really Do to ISIS?

In response to the growing drumbeat around encryption and back door access, the Information Technology Industry Council, an advocacy and policy organization in Washington representing America's tech giants, defended encryption.

"Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety," ITI President and CEO Dean Garfield said in a statement Thursday. "We deeply appreciate law enforcement's and the national security community's work to protect us, but weakening encryption or creating back doors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense."

ITI's position echoes that of the Software & Information Industry Association, a trade association for the software and digital content industry. Members include 21st Century Fox, Nasdaq, Morgan StanleyTD Ameritrade, T Rowe Price and UBS Investment Bank.

"Strong encryption is not a threat to national security, but a protective measure," Mark MacCarthy SIIA's senior vice president of public policy, said in a statement last week. "Encryption protects not just government and commercial data bases, but critical national infrastructure such as hospitals, airlines and nuclear power stations — exactly the targets terrorists would attempt to hack and destroy. If the U.S. government gained backdoor access to encrypted material, it is possible that other governments and non-government actors would as well and encryption would become useless. It is for these reasons that SIIA opposes encryption backdoors."

With so much at stake, Beltway watchers say the encryption issue is not likely to disappear anytime soon. At the same time, the cybersecurity industry is booming.

According to the National Venture Capital Association, VCs have invested more than $10 billion into cybersecurity companies since 2012.

"We are seeing an unprecedented surge of cybersecurity spending by enterprises and governments to further protect/encrypt their data in this elevated threat landscape, which we believe represents a $30 billion market opportunity over the next three years," FBR analyst Daniel Ives wrote in a note on Thursday.