Obama Administration’s Encryption Views Are All Over the Map

Assistant Attorney General Leslie Caldwell

Assistant Attorney General Leslie Caldwell Pablo Martinez Monsivais/AP

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Stay Ahead of the Latest Threats with Intelligence-driven Security Operations
Presented By Google Cloud
Download Now
Strengthening cloud security for federal agencies
Presented By Wiz
Download Now
Brendan Sasso By Brendan Sasso,
National Journal

By Brendan Sasso,
National Journal

|

Some government officials are focused on catching criminals, while others worry about empowering hackers.

The wide­spread use of en­cryp­tion is mak­ing it in­creas­ingly dif­fi­cult for the gov­ern­ment to catch gang­sters, child pred­at­ors, and ter­ror­ists, a top Justice De­part­ment of­fi­cial warned Monday at a tech­no­logy-policy con­fer­ence.

“The De­part­ment of Justice is com­pletely com­mit­ted to seek­ing and ob­tain­ing ju­di­cial au­thor­iz­a­tion for elec­tron­ic evid­ence col­lec­tion in all ap­pro­pri­ate cir­cum­stances,” Leslie Cald­well, the head of the Justice De­part­ment’s Crim­in­al Di­vi­sion, said in a speech to the State of the Net Con­fer­ence. “But once that au­thor­iz­a­tion is ob­tained, we need to be able to act on it if we are to keep our com­munit­ies safe and our coun­try se­cure.”

But just minutes after Cald­well fin­ished her speech, an­oth­er top Obama ap­pointee took the stage at the New­seum in Wash­ing­ton, D.C. to de­liv­er al­most the ex­act op­pos­ite mes­sage to the audi­ence of tech-in­dustry in­siders: En­cryp­tion helps pro­tect con­sumers from hack­ers, ar­gued Ter­rell Mc­Sweeny, a Demo­crat­ic mem­ber of the Fed­er­al Trade Com­mis­sion.

“As a per­son charged with think­ing about con­sumer pro­tec­tion, I deeply worry about things like man­dat­ory back­doors,” Mc­Sweeny said. “We need to be very mind­ful of con­sumer data se­cur­ity, and we should be very, very care­ful about any­thing that un­der­mines that data se­cur­ity.”

The com­ments are just the latest ex­ample of top Obama ad­min­is­tra­tion of­fi­cials of­fer­ing con­flict­ing views on how to ad­dress the grow­ing use of en­cryp­tion, which can thwart both law en­force­ment agents and crim­in­als from gain­ing ac­cess to sens­it­ive data.

FBI Dir­ect­or James Comey ig­nited the de­bate over en­cryp­tion with a speech in 2014, in which he warned that crim­in­als are in­creas­ingly “go­ing dark” from gov­ern­ment sur­veil­lance.

The FTC is an in­de­pend­ent agency, so Mc­Sweeny isn’t re­quired to be in lock­step with the FBI or any oth­er part of the ex­ec­ut­ive branch. The com­mis­sion reg­u­lates con­sumer-pro­tec­tion is­sues, in­clud­ing pri­vacy and data se­cur­ity. But Mc­Sweeny is not the only of­fi­cial to ex­press con­cerns with policies that could weak­en en­cryp­tion.

Even Na­tion­al Se­cur­ity Agency Dir­ect­or Mike Ro­gers said last week that “en­cryp­tion is found­a­tion­al to our fu­ture” and that un­der­min­ing en­cryp­tion could lead to more massive hacks, like the breach of mil­lions of fed­er­al re­cords at the Of­fice of Per­son­nel Man­age­ment, which was al­legedly con­duc­ted by Chinese hack­ers. “Spend­ing time ar­guing about, ‘Hey, en­cryp­tion is bad and we have got to do something about it’—that is a waste of time to me,” Ro­gers said in a dis­cus­sion at the At­lantic Coun­cil.

As the head of the NSA, Ro­gers has com­pet­ing in­terests when it comes to cy­ber­se­cur­ity. Strong “end-to-end” en­cryp­tion, in which mes­sages are in­ac­cess­ible even to the tech com­pan­ies trans­mit­ting the data, makes it harder for the NSA to con­duct sur­veil­lance. But the NSA’s mis­sion is also to pro­tect U.S. net­works from for­eign hack­ers—a job that’s made easi­er by stronger se­cur­ity meas­ures.

That ten­sion between en­sur­ing leg­al gov­ern­ment ac­cess to data while keep­ing out hack­ers is at the heart of the ad­min­is­tra­tion’s con­flic­ted ap­proach to en­cryp­tion. Most tech­no­logy ex­perts warn that any “back­door” for gov­ern­ment ac­cess can, at least in the­ory, also be ex­ploited by hack­ers.

After a lengthy in­tern­al de­lib­er­a­tion, the White House con­cluded last year that it would not ask Con­gress to pass le­gis­la­tion en­sur­ing gov­ern­ment ac­cess to en­cryp­ted data. In­stead, the White House is fo­cused on work­ing with tech com­pan­ies to try to find some oth­er vol­un­tary solu­tion to ad­dress the is­sue. Seni­or ad­min­is­tra­tion of­fi­cials, in­clud­ing White House Chief of Staff Denis Mc­Donough, met with CEOs of ma­jor tech com­pan­ies in San Jose, Cali­for­nia earli­er this month to dis­cuss en­cryp­tion (among oth­er is­sues).

But the White House’s de­cision hasn’t settled the de­bate in Con­gress. Sen­ate In­tel­li­gence Com­mit­tee Chair­man Richard Burr and rank­ing mem­ber Di­anne Fein­stein are work­ing on le­gis­la­tion to force tech com­pan­ies to com­ply with court or­ders for data. Sen. Mark Warner, a Vir­gin­ia Demo­crat, and House Home­land Se­cur­ity Chair­man Mi­chael Mc­Caul, a Texas Re­pub­lic­an, want to take a more cau­tious ap­proach and cre­ate a com­mis­sion to study the is­sue more thor­oughly.

For the pro­ponents of gov­ern­ment ac­cess to data, the ter­ror­ist at­tacks last year in Par­is and San Bern­ardino ad­ded even more ur­gency to the de­bate. Speak­ing at Monday’s tech con­fer­ence, the Justice De­part­ment’s Cald­well said that a shoot­er in Gar­land, Texas last year sent more than 100 text mes­sages to an over­seas ter­ror­ist.

“We have no idea what he said be­cause it was en­cryp­ted,” she said. “That is a big prob­lem. We have to grapple with it.”

NEXT STORY: Floppy Disks and Windows XP: Nuclear Weapons Technology Is Hilariously Out of Date