Senior administration officials participating in a panel discussion about their expansive new cybersecurity plan largely avoided the elephant in the room on cyber issues: government attempts to weaken encryption.
As they explained President Obama‘s new Cybersecurity National Action Plan at a Thursday event hosted by New America, the officials—Michael Daniel, Obama’s cybersecurity coordinator; Chief Information Officer Tony Scott; Deputy Chief Technology Officer Ed Felten; and Phyllis Schneck, the Department of Homeland Security’s lead cybersecurity official—made no mention of the roiling debate over whether tech companies should design their encryption in a way that can be broken for government investigations.
The only official to address encryption, Felten, did so in response to an audience question.
“What makes that issue challenging starts from our mission of protecting the American people,” he said. “When the president has spoken about this issue, he talked about the value of strong encryption in order to protect people, protect their data. But he also talked about the importance of law enforcement and the intelligence community being able to protect us against a different kind of threat.”
“What makes that issue challenging starts from our mission of protecting the American people.”
Felten called the encryption issue “an intellectually interesting one, in addition to its importance,” because there were “protection equities on both sides of the discussion.”
FBI Director James Comey has led the charge for guaranteed-access schemes in encryption since late 2014, when Apple added end-to-end encryption—which it cannot break—to its iOS mobile operating system. He has claimed that terrorists and criminals are “going dark,” hiding their planning by using encrypted messaging apps. After the Paris and San Bernardino terrorist attacks, two senior senators joined his effort, planning legislation that could ban end-to-end encryption.
Leading security experts and technologists warn that so-called “backdoors” in encryption would be dangerous, unfeasible, and economically disastrous. Research has shown that a U.S. law banning strong encryption in American products would be useless because of the number of foreign-made encrypted services.
But despite saying in February 2015 that he “lean[ed] probably further on side of strong encryption than some in law enforcement,” President Obama has not stopped Comey from pushing guaranteed-access solutions, nor has he outright rejected such a solution himself. The administration is preparing a response to a petition urging Obama to do so, but that response is not expected to firmly clarify his position.
In an interview after the event, Felten declined to predict whether Obama would clarify his stance on encryption. “There have been a lot of discussions within the administration about this issue,” he told the Daily Dot. “It’s something that we’ve looked at pretty thoroughly.”
The administration considered and then rejected options for a backdoor-mandate law, deeming them technically and politically unfeasible. Referring to those deliberations, Felten said, “We’ve developed a policy over a lengthy process, and so we’re in this position of not seeking legislation right now.”
As evidence of the dangers of backdoors, technical experts point to suspicious code discovered in a popular hardware firewall that could be an NSA-designed backdoor. Congress is now investigating whether any federal agencies used that product, concerned that rogue entities might exploit the backdoor to gain access to government systems. This textbook example of a backdoor’s unintended consequences reflects the extent to which encryption is a cybersecurity issue.
A former Obama administration official told the Daily Dot in July 2015 that the president’s public silence on Comey’s “going dark” agenda wasn’t surprising.
“It’s pretty well understood that the FBI has a certain amount of independence when they’re out in the public-policy debate advocating for whatever they think is important,” that official said.
In the interview on Thursday, Felten declined to say whether there had been pushback inside the White House to Comey’s public statements on encryption.
“I think the president has acknowledged that there are difficult issues here,” he said, “and that there are important goals that you would like to be able to [meet] simultaneously.”
Screengrab via NAF Live Events/Ustream