The Administration Decision on Encryption Policy
The New York Times reported on October 11, 2015 that
The Obama administration has backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices, concluding that it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit.
Published by The Lawfare Institute
in Cooperation With
The New York Times reported on October 11, 2015 that
The Obama administration has backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices, concluding that it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit.
In the same story, a spokesperson from the National Security Council is quoted as saying
“As the president has said, the United States will work to ensure that malicious actors can be held to account, without weakening our commitment to strong encryption. . . . As part of those efforts, we are actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services. However, the administration is not seeking legislation at this time.”
Assuming these reports to be true, we need to keep the following points in mind:
- In the absence of legislation, executive branch policy can stand only until the next administration. Thus, even if the present admin had said that it would *never* seek a legislative or technical back door to encrypted products or services (according to the NY Times, a statement sought by Tim Cook), it would not necessarily have had a binding effect past January 2017.
- In the event of a horrific event for which encryption was used in its planning, the political calculus may well change. Indeed, it would be surprising if legislation and even a template for the press release had not already been drafted in support of mandatory exceptional access.
- The NY Times reported that the intelligence agencies were less vocal in their concerns about encryption, which it posited reflected their greater capabilities to gather information. If so, it suggests the desirability of increasing the technical capabilities of federal, state, and local law enforcement agencies to deal with encrypted data and communications when encountered. Note that this recommendation was also a part of the 1996 National Research Council report Cryptography’s Role in Securing the Information Society, but alas, was never implemented.
Despite the Administration’s apparently final decisions on the encryption argument, I’m willing to bet anyone a cup of coffee that we have not seen the end of this discussion between now and January 21, 2017 (though I reserve the right to limit payouts based on my bank account).
