SAN FRANCISCO — Like many Silicon Valley start-ups, Larry Gadea’s company collects heaps of sensitive data from his customers.
Recently, he decided to do something with that data trove that was long considered unthinkable: He is getting rid of it.
The reason? Gadea fears that one day the FBI might do to him what it did to Apple in their recent legal battle: demand that he give the agency access to his encrypted data. Rather than make what he considers a Faustian bargain, he’s building a system that he hopes will avoid the situation entirely.
A guest registration tablet made by Envoy. (Nick Otto for The Washington Post)
“We have to keep as little [information] as possible so that even if the government or some other entity wanted access to it, we’d be able to say that we don’t have it,” said Gadea, founder and chief executive of Envoy. The 30-person company enables businesses to register visitors using iPads instead of handwritten visitor logs. The technology tracks who works at a firm, who visits the firm, and their contact information.
In Silicon Valley, there’s a new emphasis on putting up barriers to government requests for data. The Apple-FBI case and its aftermath have tech firms racing to employ a variety of tools that would place customer information beyond the reach of a government-ordered search.
The trend is a striking reversal of a long-standing article of faith in the data-hungry tech industry, where companies including Google and the latest start-ups have predicated success on the ability to hoover up as much information as possible about consumers.
Now, some large tech firms are increasingly offering services to consumers that rely far less on collecting data. The sea change is even becoming evident among early-stage companies that see holding so much data as more of a liability than an asset, given the risk that cybercriminals or government investigators might come knocking.
Start-ups that once hesitated to invest in security are now repurposing limited resources to build technical systems to shed data, even if it hinders immediate growth.
“Engineers are not inherently anti-government, but they are becoming radicalized, because they believe that the FBI, in particular, and the U.S. government, more broadly, wants to outlaw encryption,” said prominent venture capitalist Marc Andreessen in a recent interview. Andreessen’s firm, Andreessen Horowitz, is an investor in Envoy.
The government abandoned its effort to force Apple to help unlock the iPhone of one of the San Bernardino terrorists and paid professional hackers to crack the phone instead. But experts say that the issue is far from settled, and will probably be the subject of court and legislative battles.
The FBI has found a way into San Bernardino terrorist Syed Farook’s iPhone and is now dropping its bid to force Apple to help it crack into the phone. (Video: Jhaan Elker/The Washington Post)
Start-ups are particularly wary, Andreessen said, of legislation proposed recently by Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) that would compel tech companies to build technical methods to share customers’ encrypted data, at a court’s request.
“They believe there’s this window of opportunity that if we build strong encryption now, we can make it a fait accompli. But if we let five years pass, it may never happen,” Andreessen said.
In the past two years, more companies have embraced encryption, which scrambles information so that it looks like a stream of unintelligible characters to an outsider who accesses it without permission. What’s changed more recently, industry officials say, is that companies are encrypting data and throwing away the key to prevent even themselves from gaining access, a move that started with Apple but is spreading across the Valley.
This latter tactic is the most worrisome to law enforcement. Government officials have said repeatedly they do not want to outlaw encryption; FBI Director James B. Comey has called strong encryption a vital means of protecting the public’s personal information from hackers.
But officials insist that there must be a technical means to access that information when companies are served with warrants. Otherwise, there will be “profound consequences for public safety,” Comey told Congress in March. Terrorists and criminals are already using messaging services to which tech companies have thrown away the key, he said. Investigators say two such services, WhatsApp and Telegram, were used by terrorists in the Paris attacks last November.
“This is a Silicon Valley delusion that the government wants to outlaw encryption,” Stewart A. Baker, a former National Security Agency general counsel, said in an interview. “I grant that there is a radicalized subculture of engineers that is very prone to that delusion, but it is a delusion.”
Surely not every company will resort to building such systems. Many simply can’t. Their business relies on targeted advertising or the mining of customer data, and cutting off access would be a recipe for failure. But many start-ups that wouldn’t have considered it before the Apple-FBI fight are now doing so and discussing the accompanying trade-offs, said Bret Taylor, formerly Facebook’s chief technology officer and now chief executive of the start-up Quip.
The trade-offs can be significant: Heavy encryption risks slowing down your service. It limits the ability to analyze customer behavior or introduce new features. (Encrypting email, for example, would make it harder to search through email.) Once you give customers the only key to their data, you can’t give them a backup if they lose it.
Such efforts over the past few years have been described as part of an arms race between large tech companies and potential invaders, spurred largely by the growing threat of cyberattacks. To some extent, they’ve also been prompted by a newfound wariness of government after Edward Snowden’s revelations about government surveillance, as well as a growing awareness among entrepreneurs of the sheer sensitivity of the data on their services.
Apple led the pack, launching end-to-end encryption with its popular messaging app, iMessage, in 2011. In 2014, the company blocked its own access to information stored on iPhones — data that disappears permanently after 10 failed passcode attempts. (End-to-end encryption enables only the partners trading messages to decode them. The companies providing the means to transmit them cannot.)
WhatsApp, the global messaging service owned by Facebook, announced end-to-end encryption this year, as did Viber, a messaging app that is popular in Europe. These years-long technical efforts predated the FBI case. Cloudera and Box, two larger tech start-ups selling data storage and processing systems to large corporations, have built encrypted systems over the past year in which only the customer has the keys needed to unscramble data.
The case between Apple and the FBI and the possibility of “backdoor” legislation — mandating encryption bypasses for law enforcement — is a new inflection point. Earlier this month, Google launched Allo, a chat app that allows users to switch on end-to-end encryption, and Amazon chief executive Jeffrey P. Bezos said he was exploring measures to encrypt data and throw away the keys on devices owned by the Seattle-based company.
Stealth Worker — a start-up funded six months ago by the prominent incubator Y-Combinator — provides contract cybersecurity experts to early-stage start-ups, which often operate on a shoestring budget. Stealth Worker chief executive Ken Baylor said that in the past month he had been approached by a half-dozen companies looking for ways to build tougher encryption and other secure technical architectures. But many don’t want to talk about it, he said.
“They are afraid of a phone call from someone high up saying that they are unpatriotic,” Baylor said.
Bracket Computing, a 70-person Silicon Valley start-up, embarked on an encryption project about a month ago intended to make it easier for customers to hold the keys to their own data.
That way, “I can’t get subpoenaed the way Apple did,” Bracket chief executive Tom Gillis said. “This clears up the whole issue: If you have an issue with my customer, go talk to my customer, don’t talk to me. I’m just a tech guy, and I don’t want to be in the middle of these things.”
Gillis said that initially, customers seeking the ability to hold the keys to their data were large, sophisticated financial services companies, such as Goldman Sachs and Blackstone. Today, a broader array of companies, including media and automotive firms and small banks, are making these requests. Advances in Intel’s chips, he said, have made it possible to build these complex systems 13 times as fast as in 2010.
Building systems that cut off a company’s access to customer data is time- and resource-intensive, and these systems don’t come without risks.
Envoy CEO Gadea, an engineering prodigy who was hired by Google when he was just 18, estimates that his company’s data-wiping project will take a few months and about three engineers working full time.
Currently, when a visitor enters a building with an Envoy registration system, a message is sent alerting the appropriate employee that they have a guest. Envoy can send such messages — by text, email or other messaging services — because the customer data is stored on its servers, which are hosted remotely by Amazon Web Services, the cloud division of Amazon. The information is encrypted, but Envoy holds the keys to unscramble it. (Amazon CEO Bezos owns The Washington Post.)
Employees of Envoy in their San Francisco office. (Nick Otto for The Washington Post)
Under the new protocol, the engineering team will have to reconfigure the system so that the keys to unscramble the data are kept by the customers on the iPads used to sign people in. Envoy will no longer have the ability to access the keys. The technical challenge will be making it possible for the iPads to alert people when they have visitors, instead of having the alerts come from Envoy’s servers. The goal is to make the change unnoticeable to users, Gadea says, but it could take months to get there.
There will undoubtedly be many trade-offs, Gadea said. Not only will Envoy sacrifice the ability to send visitor notifications directly, but customer service also could become more challenging. Today, if one of Envoy’s 2,000 customers asks for help correcting a mistake in a visitor name or resetting a password, an Envoy customer service rep can lend a hand. Under the new system, Envoy’s reps could have their hands tied.
The new system could also make it harder to fix software errors because Envoy will no longer be able to push out automatic updates from its servers. And if a customer loses its passwords or keys, Envoy won’t have the ability to restore the lost data. It will be inaccessible forever.
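The customer-held-key design described in the preceding paragraphs, and the trade-offs that follow from it, are easy to see in a small model. The example below is added here for illustration; it is not Envoy’s code, and the tenant id, the visitor record and the use of AES-256-GCM are assumptions, not details from the article. The server stores only ciphertext and holds no keys, the customer’s device holds the only key, and once that key is gone the record can no longer be read by anyone, including the vendor.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// StoredRecord is all the hosting side ever sees: an opaque tenant id,
// a nonce and AES-GCM ciphertext. No key material is stored alongside it.
type StoredRecord struct {
	TenantID   string
	Nonce      []byte
	Ciphertext []byte
}

// Server models the vendor's cloud storage. It can keep and return blobs
// per tenant but holds no keys, so it cannot read, edit or "reset" them.
type Server struct {
	records map[string][]StoredRecord
}

func NewServer() *Server { return &Server{records: make(map[string][]StoredRecord)} }

func (s *Server) Store(r StoredRecord) { s.records[r.TenantID] = append(s.records[r.TenantID], r) }

func (s *Server) Fetch(tenantID string) []StoredRecord { return s.records[tenantID] }

// CanFindPlaintext is the lookup a support rep would need to fix a visitor
// name server-side. With customer-held keys it always fails: the stored
// bytes are ciphertext and carry no trace of the plaintext.
func (s *Server) CanFindPlaintext(tenantID string, needle []byte) bool {
	for _, r := range s.records[tenantID] {
		if bytes.Contains(r.Ciphertext, needle) {
			return true
		}
	}
	return false
}

// Device models the customer's sign-in tablet (hypothetical). The AES-256
// key is generated on the device and never leaves it.
type Device struct {
	TenantID string
	key      []byte
}

func NewDevice(tenantID string) (*Device, error) {
	d := &Device{TenantID: tenantID}
	return d, d.ResetKey()
}

// ResetKey installs a fresh random key, as a replacement tablet would.
// Nothing sealed under the old key can be opened afterwards.
func (d *Device) ResetKey() error {
	d.key = make([]byte, 32)
	_, err := rand.Read(d.key)
	return err
}

func (d *Device) aead() (cipher.AEAD, error) {
	if d.key == nil {
		return nil, errors.New("device has no key")
	}
	block, err := aes.NewCipher(d.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a record on the device. The tenant id is bound in as
// associated data so a blob cannot be silently re-filed under another tenant.
func (d *Device) Seal(plaintext []byte) (StoredRecord, error) {
	gcm, err := d.aead()
	if err != nil {
		return StoredRecord{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredRecord{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(d.TenantID))
	return StoredRecord{TenantID: d.TenantID, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts a record fetched back from the server. It fails if the key
// is missing or wrong, or if the ciphertext or tenant id was tampered with.
func (d *Device) Open(r StoredRecord) ([]byte, error) {
	gcm, err := d.aead()
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, r.Nonce, r.Ciphertext, []byte(r.TenantID))
}

// Demo walks one constructed visitor record through the design and reports
// the three facts worth verifying: the server cannot read it, the key holder
// can, and after the key is lost nobody can.
func Demo() (serverCanRead, deviceCanRead, readableAfterLoss bool, err error) {
	srv := NewServer()
	dev, err := NewDevice("tenant-acme") // constructed sample tenant id
	if err != nil {
		return
	}
	visitor := []byte(`{"visitor":"Ada Lovelace","host":"alice@example.com"}`) // constructed
	rec, err := dev.Seal(visitor)
	if err != nil {
		return
	}
	srv.Store(rec)
	serverCanRead = srv.CanFindPlaintext("tenant-acme", []byte("Ada Lovelace"))
	pt, err := dev.Open(srv.Fetch("tenant-acme")[0])
	if err != nil {
		return
	}
	deviceCanRead = bytes.Equal(pt, visitor)
	if err = dev.ResetKey(); err != nil { // simulate the customer losing the key
		return
	}
	_, openErr := dev.Open(srv.Fetch("tenant-acme")[0])
	readableAfterLoss = openErr == nil
	return serverCanRead, deviceCanRead, readableAfterLoss, nil
}

func main() {
	s, d, l, err := Demo()
	fmt.Printf("server can read: %v, device can read: %v, readable after key loss: %v, err: %v\n", s, d, l, err)
}
```

The notification problem the article raises falls out of the same structure: because the server cannot open the record, it does not know which employee to alert, so that logic has to move to the device that holds the key. Binding the tenant id as GCM associated data is a design choice of this example, not something the article describes; it stops an authenticated blob from being re-filed under a different tenant on the server.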
Gadea said he is not anti-government and would sell Envoy’s services to the FBI if the agency wished to become a customer. “It’s like with your friends,” he said, “you’re always going to find one thing you don’t like about them. But you’re not going to hate a person because of one disagreement.”
And he said he understands the trade-offs.
“For a small startup trying to iterate quickly, it definitely slows things down,” Gadea said. “But in the long run, it’s a competitive advantage and it reduces risk on our company. I can sleep better at night.”