White House Realizes Mandating Backdoors To Encryption Isn't Going To Happen
from the option-1-please dept
Over the last few months, I’ve heard rumblings and conversations from multiple people within the Obama administration suggesting that they don’t support the FBI’s crazy push to back door all encryption. From Congress, I heard that there was nowhere near enough support for any sort of legislative backdoor mandate. Both were good things to hear, but I worried that I was still only hearing from one side, so that there could still be serious efforts saying the opposite as well. However, the Washington Post has been leaked quite a document that outlines three options that the Obama administration can take in response to the whole “going dark” question. And the good news? None of them involve mandating encryption. Basically, the key message in this document is that no one believes legislation is a realistic option right now (more on that in another post coming shortly).
The document’s three options can be summarized as follows:
- Option 1: Do the right thing, admit that backdooring encryption is a bad idea and dumb, and stand up for real cybersecurity by saying that more encryption is generally good for society. This will make lots of people happy — including civil liberties folks and the tech industry, and it will also do more to protect the public. It will also help the most with many foreign countries in showing that the US isn’t just trying to spy on everyone — though it may piss off a few countries (mainly the UK) who have doubled down on backdooring encryption. Also, it will undermine China’s plan to backdoor encryption as well. Let’s call this the right option.
- Option 2: Yeah, we know what the right thing to do is, but we’ll take a half-assed approach to it to try to appease the FBI/law enforcement folks and not come out nearly as strongly against legislation. We’ll say there’s no legislation, but we’ll at least leave the door open to it. In private, we may still push tech companies to backdoor stuff. This will anger lots of folks, but maybe (the administration believes) some civil liberties types will think it’s enough of a win to celebrate. Then we pretend that we can hold some sort of “discussion” between people who disagree.
- Option 3: We totally punt on the issue and don’t really say anything. If we do say something, we say that this issue needs a lot more discussion and study (just like people have been saying for the last year). In other words, endless cryptowars with no end in sight.
Clearly, Option 1 is the only sensible option, and the report lays out some pretty strong arguments for why coming out against backdooring encryption would be good. It would actually make the tech industry much more willing to work with the government in productive ways, rather than stupid, privacy and security-destroying ways. It would actually better protect the public and it would stop authoritarian regimes from using our own language against us to break encryption. The cons are basically that law enforcement might whine about it. Well, the administration actually says that it “provides no immediate solution to the challenges that the expanding use of encryption poses to law enforcement and national security” but given that law enforcement still hasn’t done a good job showing this is a real problem, that’s not really a big deal.
In fact, law enforcement is still relying on made up ghost stories rather than any real evidence that encryption is a problem.
So, now the big question is which option the administration will choose. Will it stand up and take leadership on this issue (Option 1), thereby actually protecting Americans? Or will it do a variety of half-assed measures believing that it has to support “both sides” or some crap like that? From the leaked report, it appears that if it chooses either Option 1 or 2, the White House will make a public statement on the matter within the next few weeks.