President Obama won’t push for legislation that forces encryption vendors to decrypt when ordered to do so by a court, Reuters is reporting, essentially choosing to sit on the fence, at least for now.
Combined with his comments earlier this year at South by Southwest Interactive, it seems that Obama, like many others, is torn between privacy and law enforcement’s desire to crack encryption to further investigations.
White House sources say he will withhold public support for draft legislation that would force encryption vendors to help law enforcement to decrypt messages protected by their technology, Reuters says.
The comments about his support are specific to a legislative proposal being prepared by the ranking Republican and Democrat on the Senate Intelligence Committee: Sen. Richard Burr and Sen. Dianne Feinstein, respectively. So it’s uncertain what Obama really wants other than that it’s not what the proposal contains.
His most detailed public statement on the issue came at SXSW, where he said, “I suspect the answer will come down to how we create a system where the encryption is as strong as possible, the key is as secure as possible, it’s accessible by the smallest number of people possible for the subset of issues that we agree is important.” It sounds like he favors backdoors that are well protected and narrowly applied.
He has also said he doesn’t expect Congress to act on the issue this year and if he’s right, that could push consideration of encryption backdoors into the next presidential administration.
That’s unfortunate because law enforcement, the FBI in particular, seems to be carefully picking where it challenges the interpretation of existing laws to give it this decryption authority. The most dramatic one to date resulted in the showdown between the FBI and Apple over the iPhone used by a terrorist in the San Bernardino shootings.
The FBI said it just didn’t know what data valuable to anti-terror work might be on the phone. It convinced a judge to stretch interpretation of the All Writs Act to mean that Apple should be required to write software to undo the phone’s anti-brute-force protections. Apple challenged the order and ultimately the FBI dropped the matter when it found a third party to break into the phone.
But the issue won’t go away. In the absence of a law that clarifies exactly what encryption vendors are obliged to do, law enforcement will continue to seek authority in existing laws. And if they fail, sympathetic legislators like Burr and Feinstein will draft new ones.
One scenario that might play out is that the FBI uncovers encrypted information that might have stopped a terrorist attack if it had been decrypted sooner. In that case, with a surge of public support, a hastily thought-out law might be passed that brings unexpected and unintended negative consequences. These could impact privacy, banking security, international trade and intellectual property.
Weakening encryption has undeniable consequences and not doing so leaves the possibility of improving terrorists’ chances of success. There is no answer that fully addresses both sides’ concerns.
So it’s unfortunate that now, during a legal lull in the encryption battle, Obama isn’t pushing for broad public discussion of the matter. It would be far better if, when the inevitable negatives play out, the public will feel that they were vetted and understood.