Hillary Rodham Clinton avoided taking a position on how easy it should be for law enforcement to access people's encrypted e-mails and texts during an interview at a women's leadership conference in Silicon Valley on Tuesday, calling the debate a "classic hard choice."
"I think what we're missing is that people are kind of in their corners arguing about liberty versus security instead of saying, 'Look, we all want to have privacy for the end users' — that's what the companies are responding to. They're trying to be able to tell their customers, 'We're going to protect your data,'" she said. "But we also don't want to find ourselves in a position where it's a legitimate security threat we're facing and we can't figure out how to address it because we have no way into whatever is holding the information."
Clinton said people have a “legitimate right to privacy,” but she argued that the encryption debate was about finding "the right balance” — a balance Clinton said she hasn't figured out yet.
Clinton said her position was "not a dodge," but some within the tech industry were not convinced, including Nu Wexler, a member of Twitter's policy communications team.
Dodge: RT @hannahkuchler: Encryption - a hot debate between the govt and tech industry - is a "classic hard choice" says Hillary Clinton
— Nu Wexler (@wexler) February 24, 2015
Asked by Re/code's Kara Swisher how she might resolve the issue, Clinton said she would start with having a "real conversation" with tech executives. "I think the conversation, rather than 'you don't understand privacy and you don't understand security,' ought to be 'OK, let's figure out how to do this,'" she said.
But there is already a dialogue going on between the Obama administration and leaders of the technology industry — and much of it is coming down to the technicalities of how encryption works more than an ideological debate over privacy and national security.
Technology companies have moved to expand their deployment of encryption in the wake of revelations about the scope of the National Security Agency's surveillance programs. Apple and Google, for instance, have made it impossible to unlock many mobile devices using their operating systems even if served with a legitimate warrant. This has created tension with U.S. law enforcement officials, who warn that this could allow cybercriminals or terrorists to "go dark." The officials have urged technology companies to build into their products ways for the government to intercept encrypted communications.
But cybersecurity experts have criticized this approach, saying that such "lawful intercept" technology can't be implemented without fundamentally undermining how encryption works — adding complexity into the code that multiplies risks and gives hackers yet another target to attack.
The debate sparked a heated exchange between NSA Director Mike Rogers and Yahoo's information security chief officer, Alex Stamos, at a cybersecurity conference Monday. "It’s like drilling a hole in the windshield," Stamos said.
Clinton's husband, former president Bill Clinton, oversaw an earlier round of the encryption debate, during the 1990s — commonly known as the "cryptowars." As part of the cryptowars, the government promoted the use of NSA technology called the "clipper chip" to provide intercept capabilities for encrypted phone calls. But researchers discovered vulnerabilities in the design that could be exploited, leaving those calls insecure against others hoping to eavesdrop.
"We had this fight almost 20 years ago, and we thought we'd answered the question — that the benefits of strong encryption outweigh the needs for tap-ability," Alan Davidson, vice president and director of New America's Open Technology Institute, said in an interview Monday after the exchange between Rogers and Stamos.
But political leaders appear to be re-hashing the same debate in search of a compromise solution that technical experts say does not exist.
"Everybody in Washington loves the notion of a middle ground, but the solution people are looking for just doesn't exist," Davidson said. "You can't build a strong encryption system with guaranteed tap-ability."