Obama faces growing momentum to support widespread encryption - The Washington Post
White House officials have backed away from seeking a legislative fix to deal with the rise of encryption on communication devices, and they are even weighing whether to publicly reject a law requiring firms to be able to unlock their customers’ smartphones and apps under court order.
For the past year, law enforcement and the intelligence community have warned that an inability to obtain decrypted data is putting public safety and national security at risk, arguing it will allow criminals and terrorists to communicate securely. They have appealed to tech companies to voluntarily come up with solutions for their own products, and they don’t want to rule out legislation entirely.
But over the summer, momentum has grown among officials in the commerce, diplomatic, trade and technology agencies for a statement from the president “strongly disavowing” a legislative mandate and supporting widespread encryption, according to senior officials and documents obtained by The Washington Post.
[Read the NSC draft options paper on strategic approaches to encryption]
Their argument: Ruling out a law and supporting encryption would counter the narrative that the United States is seeking to expand its surveillance capability at the expense of cybersecurity. They say the statement from the president also would help repair global trust in the U.S. government and U.S. tech companies, whose public images have taken a beating in the wake of disclosures about widespread National Security Agency surveillance.
And, they argue, it would undercut foreign competitors’ claims that U.S. firms are instruments of mass surveillance.
Strong pushback has come from national security officials who think that they ought to be able to retrieve text messages, photos and other material when they have a warrant and who think that their inability to do so is hampering criminal and counterterrorism investigations. If they can’t gain access to decrypted data, they warn, there will be a tragedy that could have been averted.
[As encryption spreads, U.S. grapples with clash between privacy, security]
“The encryption issue . . . both in this country and abroad is going to have a major impact on how law enforcement and intelligence do their jobs,” said a senior administration official, who was given permission to be interviewed, but on the condition of anonymity because of the topic’s sensitivity. “It’s not surprising that they want to make sure that the public discourse includes a healthy debate about their issues as well.”
The official said that the White House’s goal is “driving towards a consensus where we can get an administration position out there.” But “there are people that have very strong opinions on both sides of this issue.”
Privately, law enforcement officials have acknowledged that prospects for congressional action this year are remote. Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
There is value, he said, in “keeping our options open for such a situation.”
Litt was commenting on a draft paper prepared by National Security Council staff members in July, which also was obtained by The Post, that analyzed several options. They included explicitly rejecting a legislative mandate, deferring legislation and remaining undecided while discussions continue.
None mentioned calling for legislation.
[Why the fear over ubiquitous encryption might be overblown ]
In October, FBI Director James B. Comey, in a speech at the Brookings Institution, said he was “focused on trying to get the law changed” so that companies would be required to unlock data and devices for law enforcement, when it has a warrant. “I’m hoping we can now start a dialogue with Congress on updating” the law, he said.
By July, the tone of law enforcement officials had softened. “We do believe that it’s important now, rather than seeking a legislative fix across the board, that we try to work with the individual companies” to achieve solutions, Deputy Attorney General Sally Quillian Yates testified before Congress. Each company knows its systems best, she said. “What works for Apple might not be the best solution for another of the communications providers,” she said.
Some White House aides had hoped to have a report on the issue to give to the president months ago. But “the complexity of this issue really makes it a very challenging area to arrive at any sort of policy on,” the senior official said. A Cabinet meeting to be chaired by National Security Adviser Susan Rice, ostensibly to make a decision, initially was scheduled for Wednesday, but it has been postponed.
The senior official said that the delays are due primarily to scheduling issues — “there are a lot of other things going on in the world” — that are pressing on officials’ time.
What is clear, though, is that the law enforcement argument is “just not carrying the day,” said a second senior official, who, like several others, was not authorized to speak on the record. “People are still not persuaded this is a problem. People think we have not made the case. We do not have the perfect example where you have the dead child or a terrorist act to point to, and that’s what people seem to claim you have to have.”
[FBI chief: Terrorist group turning to encrypted communications]
The draft paper was a “snapshot at a point in time” and does not reflect recent updates, the first senior official said. Nonetheless, other officials said, they capture themes heard in the current debate.
Notably, in drawing up the paper, aides had removed an option included in an earlier draft that would have encouraged legislation or other “compulsory” actions. No one, including law enforcement, officials said, thinks it is a realistic option today.
The option to “disavow legislation” was added in July at the urging of officials at economic and trade agencies, a third senior official said.
This option, NSC aides said in the paper, “would remove technology companies’ most consistent grievance with the administration,” and it might improve cooperation on the issue of encryption.
“Overall, the benefits to privacy, civil liberties and cybersecurity gained from encryption outweigh the broader risks that would have been created by weakening encryption,” the paper stated.
This option also would “clearly differentiate” U.S. policy from moves by China and others to mandate decryption and would bolster the United States’ reputation “as a leading source” of secure products and services, it added.
But, the paper said, the option would “not provide any relief” to law enforcement in the near term.
Litt, in his e-mail, quipped: “I think one could equally or more accurately say that it will not provide ANY relief, ever.”
He also took issue with the assertion that a strong statement from the United States could dissuade authoritarian regimes from seeking compulsory legislation of their own. “Really?” he wrote. “Does anyone seriously believe that if the U.S. says we won’t seek access, the Chinese and Russians will say, ‘OK, you are right. We’ll give up?’ I don’t think so.”
Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.
Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.