Cybersecurity

Privacy hawks turn to White House in encryption fight

Privacy advocates are leaning on the White House to counter lawmakers’ renewed efforts to pass encryption-piercing legislation in the wake of the terror attacks in Paris and San Bernardino, Calif.

Despite a lack of direct evidence the technology played a role in either incident, lawmakers continue to use both deadly plots to promote a bill that would force companies to decrypt data upon request.

{mosads}The tactic has left technologists and privacy advocates frustrated, even outraged.

In a meeting with privacy and civil liberties groups on Thursday, the Obama administration said it was preparing to issue an updated stance on encryption policy in the coming weeks, giving the pro-encryption community hope it might have a new ally in its fight.

“I’m very hopeful and the White House has been very receptive,” said Kevin Bankston, director of New America’s Open Technology Institute, who attended the sit-down with top White House cybersecurity and technology officials.  

The White House is the one force in government that digital rights advocates believe has the power to shut down the what they see as damaging and distracting battles over a technology they say is necessary and inevitable.

“My concern is we’re going to be arguing this every few years unless there’s a definitive statement from the White House,” Bankston said.

Since the deadly attacks, major Silicon Valley players such as Apple and Google have been under intense pressure from Congress and law enforcement to allow investigators some form of guaranteed access to encrypted data.

As a result, privacy advocates say several types of useful encryption have become vilified with little reason.

“I’m frustrated by this cynical, opportunistic playbook where the intelligence community sits poised to take advantage of whatever tragedy comes along,” Bankston said, “even if the facts on the ground have nothing to do with it.”

On Capitol Hill this week, FBI Director James Comey portrayed claims that companies cannot crack their own encrypted data, even under court order, as a business decision, not a technological imperative.

Among them, Apple argues the company itself is incapable of getting at the encrypted data on its latest operating system.

“There are plenty of companies today that provide secure services to their customers and still comply with court orders,” Comey told the Senate Judiciary Committee on Wednesday. “This is not a technical issue, it is a business model question.”

Lawmakers have picked up on this message, using it to lambast Silicon Valley.

“Here’s my message to Silicon Valley: Change your business model tomorrow,” Sen. Lindsey Graham (R-S.C.), who is running for president, said Wednesday on Fox News.

Joe Hall, chief technologist with the Center for Democracy and Technology (CDT), which was also represented at the White House meeting, called this language “really infuriating.”

“What that shows is a misunderstanding of why one would choose to secure either a given communication or a device,” he added.

Providing “easy-to-use, mass market cybersecurity tools” keeps American tech firms competitive in the global marketplace and help secure broad swaths of data from rapidly expanding cyber crime syndicates and overseas cyber spies, Hall said.

Congress has long “been on the warpath,” he added, to get companies and individuals to adopt this type of secure technology.

Yet suddenly, increasingly common forms of securing data and messages, such as end-to-end encryption and full-disk encryption, are under attack.

With end-to-end encryption, a digital message — an email, or iMessage, for instance — is only visible to the sender and receiver. Full-disk encryption allows people to lock down all information on a hard drive.

During his Wednesday testimony, Comey told lawmakers that one of the shooters in the Garland, Texas, attack on a contest to draw a cartoon of the Prophet Mohammed exchanged 109 of encrypted messages with overseas terrorists.

“We have no idea what he said, because those messages were encrypted,” he said.

Investigators have not produced similar examples for the suspects in Paris and San Bernardino, although ABC News reported the couple behind the San Bernardino shootings had digital devices with “some form of encryption,” citing two unnamed U.S. officials.

Still, these details have fueled those calling for a policy that would ensure government access to secured data.

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) have vowed to offer legislation that would compel companies to comply with court orders seeking encrypted messages.

“I think this world is really changing in terms of people wanting the protection and wanting law enforcement, if there is conspiracy going on over the Internet, that that encryption ought to be able to be pierced,” Feinstein said Wednesday.

But technologists and civil society groups say such a bill would essentially amount to a ban on manufacturing or selling devices with features such as end-to-end or full-disk encryption.

The result, they insist, would be a world in which everyday people are more vulnerable to data breaches and dissidents are more exposed to repressive government spies.

In response, these encryption advocates have turned their hopes to the White House.

“The White House has to look at those comments and what may result from where the senators are headed and start to take a proactive stance in regards to that,” said Amie Stepanovich, U.S. policy manager at digital rights advocate Access, who attended Thursday’s White House meeting.

“We need somebody in a position of power to take leadership on this issue,” she added.

Privacy hawks have seen positive movement from the White House over the past year.

For months, the administration was investigating legislative options and technological mandates that would allow law enforcement its desired access to data on encrypted devices. Ultimately, the White House decided to back away, for the time being, from any mandate.

Following Thursday’s meeting, attendees praised the administration’s ongoing attention to the issue.

“They really wanted to listen to our opinions and the research that we were able to bring in,” Stepanovich said.

But the White House can’t drag its feet forever, privacy advocates agreed.

They see the administration’s current encryption stance as “no stance.” The position is allowing Congress and law enforcement to continue down potentially destructive paths that would undermine security, encryption advocates said.

A full-throated endorsement of robust encryption methods, such as end-to-end encryption and full-disk encryption, can cut off that path, they said.

“It could be a game-changer,” Bankston said. “I think it would help us put to bed this debate that’s been raging for well over a year.”

“We can move on and start having a more productive conversation about how law enforcement and the tech community can adapt to a world where encryption is common,” he added.

— Updated 9:02 p.m.