The U.S. took its encryption argument international last week, with Attorney General Loretta Lynch telling the World Economic forum that it doesn’t want to put security backdoors into encrypted communications, it just wants to vendors and service providers to decrypt when ordered to by a court.
That ignores that facts that vendors and providers can’t decrypt unless there is a backdoor of some sort, and that any backdoor undermines the security and therefore the value of encryption.
It’s a case of the Department of Justice – via Lynch and FBI Director James Comey – trying to steer clear, at least technically, of demanding backdoors, but it’s all a semantic game. Earlier, Comey stopped using the term backdoor and asked for front-door access to decryption instead. Backdoor had become too much of a flashpoint, even though a front-door is exactly the same as a backdoor from a technology standpoint.
So the department is changing the spoken terms of its demand even though it is still seeking backdoors. Now it just describes its needs, not how vendors and providers should fulfill them. They want these entities to come up with decrypted communications when they present a court order telling them to do so. It’s up to the vendors and providers to figure out how to do that.
Lynch said this: “We in the U.S. government are not asking for a backdoor. We’re asking to work with Silicon Valley to make sure that as we preserve encryption we also preserve what we currently have, which is the ability for companies to respond to law enforcement warrants: court-ordered, court-authorized requests for information.”
At the moment no one knows how to preserve encryption and give her what she wants, and she knows it. But to a public that doesn’t give much thought to the value of encryption or to the dangers of opening up backdoors, it makes her sound much more reasonable to phrase her request the way she now does. It’s a decision based on making her request more politically palatable. Comey has been doing the same thing for several months.
The director of the NSA Adm. Mike Rogers is direct about the practicality of having both privacy that encryption is meant to insure, and law enforcement’s desire to breach it in the name of security.
“I’m not a person who argues, ‘Well the right answer is the imperative is security and that ought to drive everything,’” he says. “Likewise I’m not a person who says, ‘The imperative has got to be privacy and that ought to drive everything.’ We’ve got to meet these two imperatives and we’ve got to figure it out.”
He says, “Encryption is foundational to the future, so spending time arguing about, ‘Hey, encryption is bad and we’ve got to do away with it,’ that’s a waste of time to me. … So what we’ve got to ask ourselves is: given that foundation, what’s the best way for us to deal with it? Then, how do we meet those very legitimate concerns from multiple perspectives?”
So far nobody has the answer.
Note: Many stories were written last week using Rogers’s quote, “Encryption is foundational to the future,” to conclude that the he supports protecting encryption from backdoors. A fuller reading of his comments shows that he’s also seeking the elusive backdoor that doesn’t also represent a vulnerability.