White House 'Responds' To Petition For Strong Encryption… By Asking For More Info From A Misspelled Ed Felten

from the say-what? dept

Earlier this year, the EFF’s Rainey Reitman set up the SaveCrypto.org petition, which tied directly into the White House’s We the People… petition site. The petition got the necessary 100,000 signatures to demand a response (though the White House isn’t always good about doing that). And, now the White House has responded (sorta). The petition itself is pretty clear:

Reject any law, policy, or mandate that would undermine our security.

The government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, mandate implementation of vulnerabilities or backdoors into products, or have disproportionate access to the keys to private data.

We demand privacy, security, and integrity for our communications and systems. As a public, we should be confident that the services we use haven?t been weakened or compromised by government mandate or pressure. No legislation, executive order, or private agreement with the government should undermine our rights.

Weakening encryption weakens the entire Internet. Please endorse strong encryption, and encourage other world leaders to do the same.

The response, on the other hand, is not clear at all. It just asks people to provide more info and says it’s meeting with the people who put together the petition this week.

We want to hear from you on encryption:

Thank you for signing the petition on strong encryption and speaking out on this important national debate. As the President has said, “There’s no scenario in which we don’t want really strong encryption.” It is critical that the government, the private sector, and other experts regularly engage to understand the impacts of encryption on national security, public health and safety, economic competitiveness, privacy, cybersecurity, and human rights around the world.

This conversation about encryption is also part of a broader conversation about what we, as a nation, can do to fight terrorism as it evolves online. That is why, in his address to the nation on Sunday, the President reiterated the Administration?s call for America?s technology community and law enforcement and counter-terrorism officials to work together to fight terrorism. American technologists have a unique perspective that makes them essential in finding new ways to combat it. They are the best and most creative in the world, and we need them to bring their expertise, innovation, and creativity to bear against the threat of terrorism.

This week, administration officials will sit down with the creators of this petition to hear directly from them about their priorities and concerns.

We also want to hear from you. Share your comments and questions here, and we’ll report back after the meeting.

This is a critical conversation, and we want to hear from as many voices as we can.

Thanks again for your participation in We the People.

Now, there are all sorts of problems with this. First off, Reitman says that contrary to the claims made in the response, no one from the White House has contacted her or anyone else at EFF. So, that claim that the White House is sitting down with the creators of the petition is bogus.

Second, while you should all go to that website and tell the White House what you think about strong encryption, it’s absolutely ridiculous that anyone actually thinks that’s necessary. The petition itself told the White House what they thought about encryption and that’s that it’s important in protecting our privacy and security and undermining it is dangerous with almost no real benefit. And, indeed, almost every technology expert who has opined on this subject has said the same thing — including Ed Felten, the White House’s Deputy CTO who supposedly co-wrote this response.

Except he didn’t. Because not only does it not sound like him, the letter was actually signed by “Ed Felton” not Ed Felten:

Someone in the White House (Ed?) noticed this eventually and it’s since been changed, but it certainly suggests Felten himself had little to nothing to do with this response. The other signature on the letter is from Michael Daniel, the President’s cybersecurity czar, whose name you might recognize from that time he bragged about his lack of technology knowledge and skills, claiming it could “be a little bit of a distraction” and later argued that of course backdooring encryption was totally possible, though when asked to name a single technology expert who agreed with him, noted that “I don’t have any off the top of my head.” We’re still waiting.

Of course, I think we know which one of those two names actually wrote this non-response. But if that’s the way the government is going to play the game, we might as well make use of the tools they’ve provided and let them know (yet again) about the importance of strong encryption without backdoors.

Filed Under: , , , , , ,
Companies: eff

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “White House 'Responds' To Petition For Strong Encryption… By Asking For More Info From A Misspelled Ed Felten”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Enough spin to power a city

This conversation about encryption is also part of a broader conversation about what we, as a nation, can do to fight terrorism as it evolves online.

There is no conversation.

Encryption is entirely binary, in that it’s either secure for everyone, or secure for no-one.

The time for politeness is well past, and every single time someone tries to insist that if only the tech companies would try harder, or talk about it more they’d be able to create the magic golden keys being demanded, it needs to be pointed out that there is nothing to talk about, as they are asking for the impossible and know it.

When they stop lying, that is when a conversation can be started, but not one second before.

Anonymous Coward says:

Re: Enough spin to power a city

There is no conversation.

Then just go on over to the White House and sock those people in the jaw.

• Tell ’em you don’t understand why the head of our counter-intelligence agency() is demanding crap security.

• Tell ’em if the FBI director wants to subvert our counter-intelligence efforts, then we ought to take counter-intelligence responsibilities away from the FBI.

Just go on over to the White House and sock those people in the jaw.

() Yes, the FBI is supposedly our chief counter-intelligence agency.

Blackfiredragon13 (profile) says:

Re: Enough spin to power a city

In fact, if you think encryption can be safely undermined raise your hand. Now everyone who raised their hand please write down everything a person would need to commit identity theft, SSN, PIN, DOB, on a piece of paper. Now leave that paper in the middle of your house with all the doors and windows unlocked.

Anonymous Coward says:

Re: Enough spin to power a city

Encryption is not binary. There is a 100% chance that it will be broken eventually, no matter how good it is. Eventually may be in a googleplex years of brute force, but it is still always breakable.

Besides: Most of the serious holes found in encryption are based on bad implementations.

Now, the “magic key” they are talking about is an illusion. Encryption strenght regulation would erode fast, type-regulation would spectacularly break with better mathematical understanding and compromising the implementation opens the box for incredible amounts of instant attack-vectors for criminals.

No matter how you define the intelligence vs cybercriminal, you end up with a law that would require several changes each year (Ridiculous in its own right!), a law that is an absolute gift for cybercriminals and/or an unworkable system.

Suomynona (user link) says:

Re: just reiterating "We want sciency-people to invent a backdoor that only good guys can use."

Epiphany! The politicians are exactly right in this case, and not only should we all agree, we should all urge them to do double-key encrypted messages — the faster the better.

And then here’s the (pun?) key: we make sure that THEY (the politicians) use that exact same encryption scheme as well. So when the key eventually leaks (as it will), we can all see exactly what they’ve really been saying.

After all, if they’ve got nothing to hide, they shouldn’t mind a little “freedom of speech” forced out of their emails.

On the other hand, we’ve probably just put WikiLeaks out of business. And this’ll stop most of the website hack attacks, since anyone can glean all you want from any emails.

Well, 1 out of 3 isn’t bad — good enough for government work, right?

AricTheRed says:

Re: Practical politics

Yes, yes, “…the lens of practical politics.”

“…we might as well make use of the tools they’ve provided and let them know (yet again) about the importance of strong encryption without backdoors.”

That way the Executive branch has a list of folks (other than Tech Dirt readers), to refer to the proper list making bureaucrats, that they know need to be added to the No-fly No-guns No-rights Terror Watchlist.

Pesky encryption, free-speechy problem solved.

Anonymous Coward says:

Re: Re: Re:2 Practical politics

intoned the Anonymous Coward.

Just because I’m not telling you my name doesn’t mean the feds can’t see behind seven proxies.

Look, if you’re really that worried, then don’t take a position on cutting the FBI’s funding. You can just say something slightly more saccharine, and less likely to draw retaliation.

Concerned Citizen says:

My response to their 'call for responses'

The following is verbatum my reply posted on the governments provided site :

In an attempt to provide insight, I feel talking specifically about technology is foolish, as clearly all those involved in the conversation for ‘fixing’ encryption to act against ‘terrorists’ are already so convinced of their argument talking about this in terms of internet technology is pointless.

Watching government hearings, it seems the government is fond of analogies, so please allow me a few.

What is being suggested by the government for the technology sector to do, is the equivalent of demanding every lock in the country be, or contain somewhere in its design, a simple pin and tumbler locking mechanism universally unlockable by a single Master Key.

This idea is implemented in many high schools which provide their own locks for students to use to secure their belongings in their lockers, and with an identical purpose. To keep out other students, while at the same time providing faculty a quick, easy method of searching student lockers for contraband and whatnot.

In practice, it allows clever and crafty students to pick the pin and tumbler ‘master segment’, by passing the infinitely more difficult combination lock mechanism entirely to access their fellow students belongings.

From here, I have PERSONALLY WITNESSED students use this capability to:
* Sneak contraband into the lockers of students they may hold a grudge against, so they may then ‘Anonymously’ inform the faculty of the students supposed misdeeds. Innocent students can be suspended, expelled, and possibly receive criminal records from well meaning deterrence policy by being framed.

* Steal from their fellow students. Everything from homework, reports,personal belongings, money, anything.

* Change the locks. To prevent students from accessing their own belongings, they may replace the lock with a far more durable, far less vulnerable and completely inaccessible lock, necessitating the school itself take means to remove it and allow the affected student access to their belongings again.

These are only a very small number of examples of what HAS happened in these situations. Now, let us apply them to encryption.

After bypassing the government ‘Master Key’, Backdoor, security vulnerability, good guy only all access pass or whatever else it is you wish to refer to the weakening of important personal security as, Terrorists, Cybercriminals and other horrible people will, with a little time and a few resources, be able to…

*Insert and disseminate without the authorisation or knowledge of the system owner illegal and felonious material before providing the always eager to protect law enforcement agencies with an ‘anonymous tip’ about child pornography, illicit copywritten material, proof of material support of ISIS and more, leading to felony convictions capable of not only incarcerating someone in excess of their current lifespan, but also bring about the destruction of their life and livelihood even should parole occur due to the previous false associations of guilt.

*Empty bank accounts, gain access to credit card information, copy personal data, access work related details and information and more. What is more, any transfer of the above to recognized terror groups such as ISIS can easily be construed as material support of a terror group,leading to felony convictions and serious jail time, simply for being robbed.

*Install new encryption tools. Simply because the government mandates use of weakened or compromised or ‘improved for government access’ encryption does not suddenly force existing tools and services to disappear. To prevent an individual realising what has been done with their systems before it is too late (convictions raised, etc), a proper, strong, inaccessible encryption system may be installed. This serves not only the purpose of locking out both the owner and law enforcement from the system, adding to the suspicion of guilt on the innocent party for ‘use of banned or illegal encryption services’ they themselves did not put on their system.

This does not even begin to address other constitutionally protected interests, such as the 5th amendment right to be secure against unlawful search and seizure.

In the above scenario, terrorists turn innocent citizens into dissidents simply by destroying their lives, an watching their own government turn the people against them.

An individual unjustly incarcerated due to the above scenarios is naturally going to lose faith in their own governments ability to discern good from evil. Worse, they themselves may feel that if living a good life got them where they are, there may be little point to TRYING to live a good life.

You yourselves provide material support to terrorists by acting out against your own people, and showing them that you are not a government to be trusted with the sanctity and security of this fine and great nation. You yourself create terrorists by enabling groups to more easily attack your citizens at home and at work. You yourself undermine your own security, and make your people less safe.

I implore you, I beg you, I PLEAD with you to understand the ramifications of what you are suggesting. This is not about allowing law enforcement access, it is about denying EVERYONE access unilaterally, and relying on actual investigation, not simply a ream of circumstantial and out of context evidence dredged from an ocean of data, to capture criminals.

As a law abiding citizen of this nation, I personally would rather CCTV cameras attached to every building in our nation, surveying every square inch of ‘public’ space for any sign of indecency…. than see encryption weakened and broken is so often suggested.

Worse, the long conversation about encryption not only weakens the methodology used to keep us safe, but time and time again insists on an ineffective and counter-productive solution in the face of working towards REAL solutions.

This conversation is the equivalent of attempting to dig through concrete with a plastic spoon. The people you reach out to for help repeatedly insist there are better ways to accomplish your goal, but all you ever ask for is a stronger plastic spoon.

If you truly care about your nation, your legacy as a government body, the trust and respect of your voting public, the security of your richest stakeholders and campaign contributors, and the operability of your nations impressive economic corporate powers…. you will stop demanding you know something everyone else does not, and LISTEN to the experts you bring in to advise and help you. The TECHNOLOGY experts. The ones expected to implement your plans.

I have worked in IT departments, and I recognize the governments behaviour in this field. When an IT department gets orders from upper management, they are devoid of understanding. They ask for a ‘simple’, vague, poorly worded theory of a contradictory instruction, like ‘Make the network run faster, but don’t expect a budget increase to cover it’ or ‘prepare the network infrastructure for the new offices, but only spend a quarter of what you tell us you need to do it’, or my absolute favourite ‘Don’t bother with redundancies, it’s a waste of money. Just fix stuff really fast when it breaks’.

You are smarter than this. You all are. I know you are.

Now act like it.

dakre (profile) says:

Re: My response to their 'call for responses'

The sad thing here is that corporations are almost as bad as the government at times. The difference is that corporations don’t have PR telling everyone how encryption is bad, M’kay.

Either way, the government only wants weaker encryption to make things more convenient for them. It’s the concept of having your car unlock when your car key is within 5-10 feet of the door, but that opens up security issues like someone sending a signal to unlock the door. I’ve even heard of using extenders to get a nearby signal from the key, and send it much farther away to unlock the person’s car. I don’t know much about that, but both are very possible (creating the signal or extending it).

Concerned Citizen says:

Re: Re: My response to their 'call for responses'

I don’t entirely agree that corporations are almost as bad as the government at times. I can’t choose to boycott my government. Trying to explore another option (emigrating) could probably label me as a dangerous dissident in the current political climate, limit my ability to leave the very country I wish no part of anymore, and destroy any ability I have to CHOOSE another government!

I fear saying ‘I don’t want to live here anymore’ will get me arrested, tried as a terrorist, and thrown in jail for longer than child rapists and murders.

Yes, I fear discussing MY OWN COUNTRY, because any displeasure might be seen as dangerous extremism. I feel sick whenever I hear politicians try to call out civil atrocities in other nations like China because of the hipocracy. You know what? At least if I lived in China, I’d know what to expect.

Even Comcast, for all their horrible bullshit, can’t physically prevent me from moving to an area serviced by another provider.

On to your second point.

I am aware the government wants convenience. That is what the term ‘Terrorist’ currently is. It is a convenient term long since stripped of any meaning to apply to someone the government doesn’t like, but cannot manage to try or convict under any actual evidence or crime.

Are your neighbors keeping you up all night with their partying? Snag a payphone (those are still around, right?) and call in a terrorist meeting, saying you heard incomprehensible shouting and aggressive bantering. They’ll get assaulted, taken in, ransacked, deprived of their rights, deprived of their possessions, and left sobbing and their lives destroyed. AND, you can finally get a good nights sleep.

Isn’t that convenient?

Did one of your employees do something that ruined your companies reputation? Spin that as a Terrorist plot to affect the economic strength of the nation, and you don’t need a reason anymore to fire the guy. Just let the feds pick them up.

Isn’t that convenient?

The government has ALREADY proven they cannot responsibly handle convenience. We should be in no rush to give it to them.

Anonymous Coward says:

Re: Re: My response to their 'call for responses'

Is it worth adding a comment asking for the Office of Technology Assessment to be reinstated?

No. I think that would be rather off-topic, and addressed to the wrong branch of government.

Before it was abolished, OTA was a Congressional agency, like CRS, CBO and GAO. So you would want to talk to your representative and senators about that.

This call for public comment is from the White House. The Office of Science and Technology Policy (OSTP) is part of the Executive Office of the President (EOP).

Anonymous Coward says:

I started writing back to their email yesterday. It did seem odd that the Chief technology officer would ask for more of an explainer on this issue.

Echoing the sentiments of the article, I began my letter with “If the president truly believes that ‘There’s no scenario in which we don’t want really strong encryption,’ I don’t understand what further discussion we need on this subject.”

Thank you, btw, the Michael Chertoff/Hayden article from July 27th provided useful material for quoting. And the article including US wiretaps and how many encountered encryption last year was also useful.

The one quote I was looking for, but couldn’t find (help?), was a quote I think I saw where Comey, despite all of his talk of bad actors going dark, says there effectively hasn’t been anyone that has successfully evaded the FBI once they employ the other tools in their arsenal. Any help finding that or jogging my memory on what it is I’m actually thinking of would be appreciated.

Anonymous Coward says:

Re: Ed Felten [was ]

It did seem odd that the Chief technology officer would ask for more of an explainer on this issue.

Deputy U.S. Chief Technology Officer. Deputy.

You do know who Ed Felten is, don’t you? Among other notable items, he used to blog frequently at Freedom-to-Tinker.

From 2006 to 2010, he was a member of the board of the Electronic Frontier Foundation (EFF).

He should be well-known to most of the Techdirt readership.

Richard (profile) says:

Re: Re: Re: Ed Felten [was ]

According to Wikipedia Ed Felten WAS appointed to the post of Deputy U.S. Chief Technology Officer for The White House.

This confirmed here


so we have no particular reason to believe it is NOT him – apart from the content.

Anonymous Anonymous Coward says:

To end terrorism...

“…what we, as a nation, can do to fight terrorism…”

Start by telling people to not be afraid rather than emphasizing or actually manufacturing reasons to be afraid.

Stop killing people extra-judicially.

Stop denying and practicing illegal torture.

Stop trying to micromanage foreign governments and placing “US” friendly leaders who are more despotic than those they replace.

Stop spying on everybody in the world, it just pisses them off and makes them want to attack us more, both verbally and physically.

Practice what you preach instead of do as I say not as I do.

Be honest with yourselves in order to be honest with us, and we know, absolutely know, that you haven’t been.

Be open and transparent instead of saying your open and transparent.

Stop using secret interpretations of secret laws in secret courts.

Follow your oaths of office and protect the constitution fully and faithfully, unlike what you are currently doing.

Likely there is more, but that is all I can think of at the moment. When people get as angry as I am right now, clear thinking gets less clear.

Anonymous Coward says:

Re: To end terrorism...

To end terrorism.

You can’t. Terrorism is a tactic. A war against terrorism is about as sensible as a war against ambush, or pincer movements.

You can have a war against an enemy – but then you have to identify the enemy and unfortunately the actual enemy in this case cannot be identified for political reasons. So, so long as that situation remains, there can be no solution.

Almost Anonymous (profile) says:

That is why, in his address to the nation on Sunday, the President reiterated the Administration’s call for America’s technology community and law enforcement and counter-terrorism officials to work together to fight terrorism. American technologists have a unique perspective that makes them essential in finding new ways to combat it. They are the best and most creative in the world, and we need them to bring their expertise, innovation, and creativity to bear against the threat of terrorism.

As a card-carrying technologist, my input is this: technology cannot detect turrism. Also, there is no “safe” way to backdoor encryption.

Anonymous Coward says:

Re: Card-carrying technologist [was ]

As a card-carrying technologist, my input is this: technology cannot detect turrism.

Hey, what the heck is “card-carrying technologist” ? Is that just a fancy way of saying you belong to ACM or IE^3 ? ‘Cause I don’t think IETF hands out membership cards.

Anonymous Coward says:

Even if it was not impossible, we would probably still fight with tooth and claw against these proposals!
The people who aim for full access have proven again and again how they mishandle information and our trust.
Information has been used for profit, political purposes, expanded access to other agencies or law enforcements, and let us not forget: for passing around the office while laughing or looking up (ex)lovers.
You have taken our trust, ripped it to pieces, stomped on it. and lit it on fire, and now you just expect us to gather the ashes, somehow make it whole again and hand it over to you again?
You will have to work really hard to prove to alot of people that you are even mature enough to handle the power.

With the current direction, I find it hard to believe that it will ever happen.

Roger Strong (profile) says:

QUIETLY Endorse Strong Encryption

If today’s White House were to openly argue for strong encryption, Republicans would declare a holy war against it.

Trump would blame encryption for his inability to find a foreign Obama birth certificate. (And a thousand Tea Party blogs would go “AHA!!!”) Cruz would declare the daily Cryptoquote in his newspaper to be “ISIS indoctrination.” Huckabee would rush to stand next to the first civil servant who used her religion to refuse to encrypt citizens’ personal information. Chick-fil-A would proudly refuse to encrypt Visa information.

Roger Strong (profile) says:

Re: Re: QUIETLY Endorse Strong Encryption

The WorldNetDaily / Orly Taitz crowd tried that with a “Kenyan birth certificate.” Among other errors: Kenya didn’t exist until several months after the date on the certificate.

It was also tried with John McCain during the 2008 election cycle. A birth certificate was shown in court “proving” he was born not in the Canal Zone, but outside it. It was shown to be a forgery.

Not that it would have mattered. While the Canal Zone and the Coco Solo Military base were US controlled, they were not considered US territory either. (Nor are other overseas US bases.) McCain was born a US national – but not a US citizen – thanks to his US parents. He got his citizenship when Congress changed the rules 11 months after he was born.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...