When two of President Barack Obama‘s Cabinet secretaries meet Tuesday with their Indian counterparts, one important topic they may avoid is the Indian government’s controversial new plan to restrict its citizens and businesses’ use of encryption.
India released a draft of its new encryption policy over the weekend, just days before the first U.S.-India Strategic and Commerce Dialogue, and the document is already earning scorn from privacy activists and security experts. The policy would require companies that operate in India—as well as local, but not national, government departments—to install “backdoors” in their systems to let law-enforcement agencies bypass their encryption. It would also mandate the retention of unencrypted data for 90 days, essentially creating massive hacker-friendly honeypots of unsecured private communications.
As important as strong encryption is to civil society, Secretary of State John Kerry and Secretary of Commerce Penny Pritzker may avoid confronting Indian officials about the new policy due to lingering uncertainty over the United States’ own stance on the issue.
“Unimpeded access to encryption is a moral and economic imperative, and Secretaries Kerry and Pritzker should make that clear to their Indian counterparts during their upcoming dialog.”
The Obama administration is still wrestling with its own approach to the encryption debate, which in the U.S. has pitted law-enforcement officials against security experts and tech companies in disputes over security and privacy. FBI Director James Comey has led that charge for the government, slamming Apple for encrypting its iOS devices in a way that it cannot decrypt when served with a warrant. Comey has said that Apple is aiding criminals who are increasingly “going dark” and communicating off of U.S. officials’ radar.
President Obama, who has said that he leans more toward the privacy side of the argument, has yet to forcefully rebuke his top law-enforcement and intelligence officials over their combative calls for backdoors. But inside the White House, a consensus is reportedly emerging for Obama to reject the idea of a backdoor mandate and publicly endorse robust encryption.
Kerry and Pritzker are set to meet Tuesday with their counterparts, Minister of External Affairs Sushma Swaraj and Minister of State for Commerce and Industry Nirmala Sitharaman. A White House spokesman declined to say whether Kerry or Pritzker would confront their Indian counterparts over encryption, instead referring the Daily Dot to their respective departments, neither of which responded to multiple requests for comment.
Ross Schulman, senior policy counsel at New America’s Open Technology Institute, argued that it was important for U.S. officials to preach the gospel of strong encryption in the bilateral meetings.
“Unimpeded access to encryption is a moral and economic imperative, and Secretaries Kerry and Pritzker should make that clear to their Indian counterparts during their upcoming dialog,” Schulman told the Daily Dot in an email. “Encryption technology is critical not only to the modern global economy, but also to the protection of human rights around the world.”
Schulman noted that the United Nations‘ special rapporteur on digital privacy highlighted the importance of encryption as a human right in his report on “encryption, anonymity, and the human rights framework.”
“Encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection,” the report argued.
Schulman said he hoped that Kerry and Pritzker would make clear to their Indian counterparts “the importance to global trade and communication that encryption makes possible.”
But as the ongoing White House deliberations make clear, President Obama has not yet adopted a formal stance on encryption backdoors. He might be reticent to instruct his senior officials to lecture India over the issue—particularly when there is no guarantee that his administration will forgo similar restrictions in the near future.
“The Obama administration hasn’t made up its public mind as to where they’ll lean going forward, so it is probably not reasonable to expect administration staff to push hard against backdoors,” Joseph Hall, chief technologist at the Center for Democracy and Technology, told the Daily Dot in an email.
Even so, Hall said, India’s new policy invited other criticisms too. “Data retention of cleartext of communications for 90 days poses a serious security risk for data breaches and makes more modern kinds of cryptography impossible,” Hall said. A mandate to retain unencrypted data, he pointed out, would preclude the use of “perfect forward secrecy,” a powerful encryption scheme that is growing more popular in the U.S.
India’s encryption policy also sets specifications for the encryption that companies can use, such as the bit length of their encryption keys and the types of algorithms that can power the encryption. Hall called this “a horrible idea” and connected it to failed U.S. law-enforcement proposals in the 1990s, during the first phase of the so-called “Crypto Wars.”
Encryption restrictions like the ones that India is proposing “will result in more actual compromise of secure services and transactions and will chill engagement in e-commerce as well as sensitive services in finance, health, and critical infrastructure,” Hall said.
The result is a mixed portrait of America’s top diplomat at a time when encryption is a global issue of paramount importance on multiple fronts.
Little is known about Secretary Kerry’s role in administration deliberations over backdoors. As a senator, Kerry’s record on encryption was mixed. He opposed the Clinton administration’s attempt to undermine commercial encryption with the Clipper Chip, and he acknowledged in a June 1999 Senate Commerce Committee hearing that encryption was “essential to hundreds of billions of dollars of e-commerce,” a figure that has grown significantly since then. But he also invoked the specter of terrorism to rebutt a Wired op-ed that argued for strong encryption. The result is a mixed portrait of America’s top diplomat at a time when encryption is a global issue of paramount importance on multiple fronts.
“The White House memo that was leaked last week reveals that the U.S. has the will and the capacity to lead on global encryption policy with a call to disavow compulsory actions that would weaken secure communications technologies and infrastructure,” Amie Stepanovich, U.S. policy manager at the international digital-rights group Access, told the Daily Dot in an email.
“Those in the U.S. State Department should start by continuing to engage with other world leaders on this vitally important topic,” Stepanovich said. “Failing to do so would suggest that the U.S. has de-prioritized the safety and security of billions of users around the world.”
Update 9:12am, Sept. 22: The Indian government has withdrawn the draft of its encryption proposal, arguing that it was misunderstood and did not reflect the government’s full views of encryption priorities.
Illustration by Fernando Alfonso III