Edward Snowden changed everything. It’s a common refrain heard in the halls of power of Washington DC and office parks of Silicon Valley. A once mutually beneficial relationship between both coasts came to a screeching halt after Snowden revealed that U.S. intelligence agencies were actively looking to undermine the security of some of Silicon Valley’s offerings.
Time has not healed the wound. Over the course of the next four years, President Donald Trump’s administration will likely have to contend with Russian influence operations, Chinese cyber espionage, Iranian subterfuge, fights over appropriate use of encryption, data localization, and attracting technical talent to protect U.S. networks. Successfully meeting these challenges will require policy changes and deft maneuvering.
Most importantly, it will require that the Trump administration bridge the divide between Silicon Valley and Washington. As Trump prepares to meet with major business CEOs—including from Uber and IBM—on Friday, he’ll face a tech community increasingly disturbed by his decisions since taking office, such as an executive orders denying entry to travelers from seven Muslim-majority countries and directing the construction of a wall along the U.S.-Mexico border.
The U.S. is the country most reliant on information and communication technology in the world, given the centrality of the Internet to commerce, military operations, and everyday government services. Having its tech community and government working at cross purposes undermines U.S. security and foreign policy interests.
For example, America cannot expect to develop global standards on privacy or to shape the regulation of artificial intelligence, self-driving vehicles, or other cutting-edge technologies without close public-private partnership. Similarly, the complexity of the tech ecosystem is growing so rapidly that it is becoming next to impossible to retrofit products to meet policymakers’ desires.
Rebuilding the relationship will not be easy. In some cases, U.S. tech companies have a vested interest in keeping the U.S. government at arm’s length given that tech giants like Intel and Apple derive more than 60% of their revenue from overseas, where suspicion of the U.S. is already high. Nevertheless, there are three ways that Silicon Valley and Washington can close the gap.
First, the U.S. government can make it easier for tech companies to respond to foreign requests of user data. Currently, U.S. law prohibits an American company from handing over foreign users’ communications or data to a foreign country unless approved by a U.S. judge. In other words, if a Brazilian citizen uses Facebook to plan a bank robbery in Brazil, Brazilian cops would need to go through a U.S. court to obtain their Facebook chat logs, a process that can take up to 10 months. In some cases, foreign judges have grown frustrated with the process and threatened local employees with jail time.
As a result, many countries are passing laws that require user data to be stored within their borders. For a tech company, complying with these laws increases costs and wipes out efficiencies gained by having data stored in the cloud. Failure to comply can get a company banned—Russian regulators recently blocked access to LinkedIn for failing to keep its data about its Russian users in the country. The Trump administration should work with Congress to amend U.S. law to make it easier for U.S. service providers to comply with foreign law enforcement requests, subject to human rights protections.
Second, the U.S. government needs to quickly attribute state-sponsored cyber operations and impose costs on the attackers. So far, the U.S. has a spotty record in protecting the private sector from industrial espionage or disruptive incidents. The U.S.-China deal on economic cyber espionage was a bright spot; the slow and limited response to Russia’s election interference was not.
Although U.S. firms must beef up their own defenses, they can’t be expected to fend off foreign intelligence agencies and their proxies. Washington should be more willing to call out state-sponsored activity, confirm data released by cybersecurity companies, and target assets valuable to the attackers and their superiors. These actions will give the private sector greater confidence that the U.S. government is taking clear steps to counter state-backed cyber threats.
Third, the U.S. government must recognize that requiring tech firms to maintain the capability to decrypt user data is a non-starter, while addressing the concerns of law enforcement through other means. Strong encryption is essential to improving cybersecurity for individuals, corporations, and the government. Maintaining a decryption capability, known as exceptional access or a backdoor, is tantamount to purposely creating a vulnerability that criminals and state actors can exploit, putting customers at risk of data breaches. Moreover, the U.S. does not have a monopoly on encryption technology. Requiring a decryption capability here can easily be circumvented by using the more than 500 encryption tools built elsewhere.
The Trump administration faces an uphill battle to rebuild trust. Much of Silicon Valley—with the exception of Trump confidant Peter Thiel—backed Hillary Clinton, and many openly mocked then-candidate Trump’s Luddite tendencies, desire to have Bill Gates “close up” the Internet, and boasting of his youngest son’s tech proficiency.
President Trump has, however, signaled he will make cybersecurity a priority and wants to take a hard stance to deter foreign actors. That, along with pushing Congress to allow tech firms to provide foreign users’ data to foreign governments when requested, would go a long way toward rebuilding trust. Finding consensus on encryption is arguably the hardest nut to crack, but offers the best way to quickly heal the discord.
Washington cannot expect to successfully meet the myriad of cyber challenges facing the country without Silicon Valley’s help, nor can Silicon Valley prosper without a favorable policy environment set in Washington. It is in both of their interests to be friends again.
Alex Grigsby is the assistant director and Adam Segal is the Ira A. Lipman chair and director of the digital and cyberspace policy program at the Council on Foreign Relations. Segal is the author of new CFR report, “Rebuilding Trust Between Silicon Valley and Washington.”
