The draft of a Senate bill effectively banning strong encryption in the United States leaked to the public early Friday morning, delivering the latest thunderclap in a worldwide political storm over encryption technology, cybersecurity, and privacy.
The intensity of the global debate over encryption in 2015 apparently took so many people by surprise that American politicians who once championed and voted to fund encryption technologies are now among those leading the charge toward legally mandated “backdoors” for law enforcement.
“This legislation says a company can design what they want their backdoor to look like, but it would definitely require them to build a backdoor,” Sen. Ron Wyden (D-Ore.), a strong privacy advocate in Congress, said in a statement emailed to the Daily Dot. “For the first time in America, companies who want to provide their customers with stronger security would not have that choice—they would be required to decide how to weaken their products to make you less safe.”
Sens. Richard Burr (R-N.C.), chairman of the Senate Intelligence Committee, and Diane Feinstein (D-Calif.), the Committee's top Democrat, co-authored the encryption backdoor bill, but they have each voted for millions of dollars in funding for encryption in the past, including in a 2008 appropriations bill. And even now, Burr maintains that his position on encryption has not changed.
“I support encryption. I believe it is a priority to keep Americans' information safe, and I also believe that private entities are also subject to U.S. law.”
“There is nothing in the draft language of the bill that calls for weaker encryption, and support of these two bills is not contradictory,” Burr told the Daily Dot in an email. “I support encryption. I believe it is a priority to keep Americans' information safe, and I also believe that private entities are also subject to U.S. law. When a judge issues an order, we are all required to follow the law.”
The debate over encryption spread like wildfire in the last year, reaching into the halls of Congress and the 2016 presidential election, but it wasn’t that long ago that the U.S. government was pouring significant sums of money into encryption technology with little or no debate.
Spending on Internet freedom initiatives, including encryption, more than doubled under Secretary of State Hillary Clinton, who served in the Obama administration from 2009 to 2013. Clinton made encryption a keystone of her tenure atop the State Department by spotlighting and attacking problems—Internet censorship, privacy, and “equal access to knowledge and ideas” online—that are uniquely and directly addressed by encryption that were funded in large part through her department.
Since she began running for president, however, Clinton’s stance on encryption shifted dramatically as figures like FBI Director James Comey began calling for backdoor access—intentional weaknesses in encryption technology for the purposes of law-enforcement investigations—into encrypted data.
In 2015, Clinton called for a “Manhattan-like project” to break encryption. But in 2011, she was the world’s most vocal and powerful proponent for funding encryption technology development.
Clinton’s shift has been especially abrupt because, during her time as secretary of state, she argued forcefully for the virtues of encryption and Internet freedom even as the U.S. and world governments faced many online violent threats nearly identical to those faced today.
Citing Al Qaeda’s use of the Internet to recruit, propagandize, and strategize—a dark prelude to the Islamic State’s present-day online activity—Clinton said the international community must constructively confront the many challenges of a free Internet.
“These challenges must not become an excuse for governments to systematically violate the rights and privacy of those who use the Internet for peaceful political purposes,” she said in a landmark 2011 speech on Internet freedom.
The Clinton State Department's support of encryption tech was touted as the height of “21st century statecraft” and a valiant effort to enhance a valuable tool in spreading democracy around the world.
“We are also supporting the development of new tools that enable citizens to exercise their right to free expression by circumventing politically motivated censorship,” Clinton said in her 2011 speech. “We are providing funds to groups around the world to make sure those tools get to the people who need them in local languages and with the training they need to access the Internet safely.”
A number of prominent architects and supporters of this year’s backdoor legislation have a history of voting for millions in funding for encryption.
In the Consolidated Appropriations Act of 2008, which under President George W. Bush passed the U.S. House of Representatives by a vote of 241-178 and the Senate 81-12, required $15 million for an Internet freedom initiative to expand access and information in closed societies in the Middle East and Asia.
Both Burr and Feinstein voted for the 2008 funding bill.
While Burr maintains that he supports encryption and that his legislation omits “calls for weaker encryption,” a virtually unanimous consensus of technologists, both American and international, disagree with that sentiment.
Mandating a backdoor to encryption for law enforcement means adding a crucial vulnerability that can be exploited by a wide range of attackers, ranging from common criminals to nation states.
In the Consolidated Appropriations Act of 2010, which under President Barack Obama and Secretary of State Clinton passed by 88 votes in the House and 48 votes in the Senate, required $30 million “to expand access to information and communications through the Internet, and shall be used for programs that provide unmonitored and uncensored access to the Internet for large numbers of users living in closed societies that have acutely hostile Internet environments.”
Feinstein voted for the 2010 funding, Burr voted against it.
The pattern goes wider.
In 2010, Sen. John McCain (R-Az.) backed the Clinton-championed Victims of Iranian Censorship (VOICE) Act that mandated tens of millions of dollars in funding for strong encryption to be used ostensibly to advance freedom in Iran. McCain also voted for the Consolidated Appropriations Act of 2008, which funded encryption to the tune of $15 million.
Today, McCain is pushing for a new law to mandate backdoors in encryption.
The shifting support among lawmakers away from encryption comes as the security technology moves from remote corners of the globe and into the American mainstream with the help companies like Apple, Google, and Facebook.
The encrypted messaging now available to a billion WhatsApp users was funded directly by U.S government programs like those that run out of the State Department, Radio Free Asia, or the Broadcasting Board of Governors. The money went to organizations like Open Whisper Systems, which developed programs like the encrypted mobile messaging software Signal and whose technology is now integrated into WhatsApp, a Facebook-owned company.
“The closer Clinton gets to the White House, the more of an asterisk this is going to be for her.”
Anonymity projects like Tor, which use encryption to offer anonymous browsing and messaging, receive millions of dollars from U.S. government programs.
The changing political dynamics are perhaps most potent for Clinton as she fights for the Democratic presidential nomination.
“The closer Clinton gets to the White House, the more of an asterisk this is going to be for her,” Christopher Soghoian, a technologist at the American Civil Liberities Union, said. “She wanted a panic button on phones for activists arrested by the Turkish government, so she funded it. Now guys like Comey complain that smartphone tech is too advanced. Clinton would say we wanted tech for activists in China, not Americans.”
“When it was useful for political purposes, Clinton was happy to fund technology that would frustrate governments elsewhere,” Soghoian added. “As she comes closer to the White House, this puts her at odds with important people here.”
Neither Feinstein, McCain, nor Clinton responded to requests for comment.