Tech behemoths including Apple and Google and leading cryptologists are urging President Obama to reject any government proposal that alters the security of smartphones and other communications devices so that law enforcement can view decrypted data.
In a letter to be sent Tuesday and obtained by The Washington Post, a coalition of tech firms, security experts and others appeal to the White House to protect privacy rights as it considers how to address law enforcement’s need to access data that is increasingly encrypted.
“Strong encryption is the cornerstone of the modern information economy’s security,” said the letter, signed by more than 140 tech companies, prominent technologists and civil society groups.
The letter comes as senior law enforcement officials warn about the threat to public safety from a loss of access to data and communications. Apple and Google last year announced they were offering forms of smartphone encryption so secure that even law enforcement agencies could not gain access — even with a warrant.
“There’s no doubt that all of us should care passionately about privacy, but we should also care passionately about protecting innocent people,” FBI Director James B. Comey said at a recent roundtable with reporters.
Last fall, after the announcements by Apple and Google, Comey said he could not understand why companies would “market something expressly to allow people to place themselves beyond the law.”
FBI and Justice Department officials say they support the use of encryption but want a way for officials to get the lawful access they need.
Many technologists say there is no way to do so without building a separate key to unlock the data — often called a “backdoor,” which they say amounts to a vulnerability that can be exploited by hackers and foreign governments.
The letter is signed by three of the five members of a presidential review group appointed by Obama in 2013 to assess technology policies in the wake of leaks by former intelligence contractor Edward Snowden. The signatories urge Obama to follow the group’s unanimous recommendation that the government should “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.
Richard A. Clarke, former cybersecurity adviser to President George W. Bush and one of three review group members to sign the letter, noted that a similar effort by the government in the 1990s to require phone companies to build a backdoor for encrypted voice calls was rebuffed. “If they couldn’t pull it off at the end of the Cold War, they sure as hell aren’t going to pull it off now,” he said.
Comey, he said, “is the best FBI director I’ve ever seen,” but “he’s wrong on this [issue].”
Congress, too, is unlikely to pass legislation that would require technology companies to develop keys or other modes of access to their products and services in the post-Snowden area.
Lawmakers on both sides of the aisle have expressed skepticism toward the pleas of law enforcement agencies. Rep. Ted Lieu, a California Democrat with a computer science degree, called backdoors in software “technologically stupid.”
Ronald L. Rivest, an inventor of the RSA encryption algorithm (his name is the “R” in “RSA”), said standards can be weakened to allow law enforcement officials access to encrypted data. “But,” he said, “you’ve done great damage to our security infrastructure if you do that.”
The issue is not simply national, said Rivest, a computer science professor at MIT who signed the letter. “Once you make exceptions for U.S. law enforcement, you’re also making exceptions for the British, the French, the Israelis and the Chinese, and eventually it’ll be the North Koreans.”
The signatories include policy experts who normally side with national-security hawks. Paul Rosenzweig, a former Bush administration senior policy official at the Department of Homeland Security, said: “If I actually thought there was a way to build a U.S.-government-only backdoor, then I might be persuaded. But that’s just not reality.”
Rosenzweig said that “there are other capabilities” that law enforcement can deploy. They will be “less satisfying,” he said, but “they will make do.”
Privacy activist Kevin Bankston organized the letter to maintain pressure on the White House. “Since last fall, the president has been letting his top law enforcement officials criticize companies for making their devices more secure and letting them suggest that Congress should pass pro-backdoor legislation,” said Bankston, policy director of the New America Foundation’s Open Technology Institute.
“It’s time for Obama to put an end to these dangerous suggestions that we should deliberately weaken the cybersecurity of Americans’ products and services,” he said. “It’s time for America to lead the world toward a more secure future rather than a digital ecosystem riddled with vulnerabilities of our own making.”