Obama opts for "good cop" approach with encryption backdoors
The Obama administration won’t seek legislation to force technology companies to decrypt communications, FBI Director James Comey told Congress in a public hearing on Thursday.
Instead, it looks like the stalemate in the crypto-wars will continue on as is – technology companies and their allies and the federal government will keep trying to persuade each other (and the public) that their side is the virtuous one.
During a hearing before the Senate Homeland Security Committee, Comey said government officials have decided to “continue the conversation” with technology companies, rather than seek new laws to mandate backdoor access to encrypted communications.
At least, not at this point, Comey said:
The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry.
Comey said the FBI has witnessed efforts by the Islamic State (ISIS) to recruit young Americans on social media, and then loses the trail when those conversations move to encrypted channels.
He told the Senate committee that domestic law enforcement is encountering situations where investigations are stymied by encryption, even with a search warrant.
A few weeks ago, the New York Times reported that Apple had told a US court that it could not comply with an order to provide real-time access to encrypted communications on its iMessage system – because it could not decrypt the messages.
Law enforcement officials told the Times that this was not the first time encryption had stymied law enforcement requests for communications in criminal investigations.
The White House has been looking to work with technology companies to get access to decrypted communications via a technological solution that wouldn’t weaken the encryption – a solution many security professionals say isn’t possible.
A leaked White House memo showed that the Obama administration had considered options such as a special port in hardware that law enforcement could use to retrieve decrypted communications; another idea was to use software updates to plant spyware on devices.
Both of those options were taken off the table, however.
Although they were considered “technically feasible,” the administration feared such proposals would “increase tension rather than build cooperation,” the Washington Post reported in September.
Yet the Obama administration’s decision to try the “good cop” approach to persuading Silicon Valley companies like Google, Apple and others to give law enforcement backdoor access to decrypted communications might not be enough to comfort the companies, or civil liberties and privacy advocates.
A coalition of technology businesses, civil liberties and press freedom groups has just launched a petition drive at savecrypto.org to tell President Obama to “stand up for security.”
The group is looking to get more than 100,000 signatures to “tilt the balance in this debate.”
The letter to Obama says allowing the government to have access to encryption keys, as has been proposed, would weaken encryption and internet security for all:
The government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, mandate implementation of vulnerabilities or backdoors into products, or have disproportionate access to the keys to private data.
A surprise ally for the coalition is former CIA and NSA boss Michael Hayden.
Hayden told a panel on cybersecurity at the Council on Foreign Relations that he does not support encryption backdoors.
Hayden said US national security would be better off with stronger encryption, Motherboard reports.
Since the revelations by NSA leaker Edward Snowden that the US spy agency was broadly sweeping up private communications of US citizens, the crypto-debates have been at a fever pitch.
Without a negotiated solution to the stalemate between the government and technology companies, it’s likely this debate will end up in the courts and, perhaps, Congress, to force a solution.
Article source: Naked Security – Sophos