- 15 Halloween costumes for pet owners with absolutely no chill 4 Years Ago
- People are celebrating #BiVisibilityDay with art and selfies 4 Years Ago
- Six U.S. cities among the world’s most surveilled places 4 Years Ago
- Facebook page faces backlash for selling ‘Christian yoga certification’ Today 2:03 PM
- A million-mile Tesla battery may be around the corner Today 1:29 PM
- Our 5 favorite AirPod charging cases at every price point Today 1:10 PM
- Amazon Prime almost completely swept the Emmys’ comedy section Today 12:31 PM
- People are outraged that a 6-year-old was arrested for a temper tantrum Today 12:26 PM
- A tropical storm named Karen is sparking jokes about calling the manager Today 12:18 PM
- Patriotic Facebook page reaching millions of Americans is run by Ukrainians Today 12:11 PM
- Review: ‘Color Out of Space’ and the cosmic horror of an uninvited guest Today 11:58 AM
- Snap’s ‘Project Voldemort’ dossier details Facebook’s bullying tactics Today 11:42 AM
- Conservatives compare teen activist Greta Thunberg to Nazi poster girl Today 11:17 AM
- Trump’s immigration czar is upset climate activists are calling out capitalism Today 10:47 AM
- A bunch of popular YouTube channels were the victims of a nasty hack Today 10:10 AM
Here’s the Obama administration’s rejected plan for encryption backdoors
Officials considered physical backdoors on phones and more.
We now know how the United States government would thwart encryption, if it chose to do so.
U.S. officials considering ways to let law enforcement bypass encryption determined that several approaches were “technically feasible” but concluded that their ideas would become “a focal point for attacks,” according to a newly published memo on the subject produced by an interagency working group.
“Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce ‘backdoors’ or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation,” reads the memo, published Thursday morning by the Washington Post.
Encryption has frustrated law-enforcement officials for decades, dating back to the “Crypto Wars” of the 1990s. But the widespread availability of easy-to-use secure communications recently reemerged as the premier point of tension between privacy activists and technical experts on one side and the intelligence and law-enforcement communities on the other.
President Barack Obama has yet to publicly take a side in the debate, but his FBI director, James Comey, has vehemently rebuked companies like Apple for pursuing encryption that even they cannot break when presented with a warrant.
The group of government officials studying encryption came up with four approaches for bypassing it.
The first approach would require tech companies to build a special port on their devices that would provide access to encrypted data if a company applied its special key. Law enforcement would need to seize the device and present a warrant to a company in order for they key to be applied. The memo noted that this approach “would impose significant cost” on tech companies, but it also said that a physical port “substantially reduces the cybersecurity risk” of a backdoor approach, such as “abuse by malicious actors and foreign government entities.”
The memo also proposed legally compelling companies to apply software backdoors—special channels through onboard encryption that could be accessed pursuant to a warrant—using their devices’ automatic update process. Government officials were quick to note, however, that using automatic updates to apply a backdoor “could call into question the trustworthiness of established software update channels.” Users, the memo warned, might turn off automatic updates altogether, potentially exposing themselves to new forms of malware.
The memo’s third proposal is a “split-key system,” where multiple parties would hold pieces of the key that had to be combined for some decryption process—left unspecified in the memo—to take place. Officials noted that this process would guard against abuse by raising the bar for malicious actors, but they acknowledged that it “would be complex to implement and maintain” because of the strain it would place on participants.
The fourth proposal, one that has not been discussed as frequently as the first and third options, is a “forced backup.” Companies would download all of the data that their customers generated on their devices to an unencrypted backup site. Left unsaid in the memo was the significant security risk that such a backup would create—a secret server full of unencrypted data would be like an unmarked but unlocked bank vault, protected only by its obscurity but accessible to anyone who located it.
The Department of Justice, the FBI, and the Office of the Director of National Intelligence, which oversees the intelligence community, did not respond to requests for comment about whether they still favored any of these proposals. But civil-liberties advocates were quick to denounce the memo’s ideas.
The memo’s authors clearly understood the tremendous public-relations challenge that any of their proposals would face. “Given industry and civil society’s combative reaction to government statements to date,” the memo’s authors wrote, “any proposed solutions almost certainly would quickly become a focal point for attacks.”
A senior U.S. official stressed to the Post that the proposals were never formally recommended to Obama. “We’re not promoting those as the way to go,” the unnamed official said. “We’re just saying these are things that could be done.”
Photo via Christian Schnettelker/Flickr (CC BY 2.0)
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.