White House considered, dismissed encryption access ideas

The Obama administration looked into four possible approaches that would have allowed law enforcement guaranteed access to encrypted data, The Washington Post reports.

But while the White House decided each option was “technically feasible,” officials have decided against offering them as official “administration proposals” or even releasing them publicly.

The decision to keep the long-anticipated solutions private comes after months of consideration and pushback from the tech community, which has strongly opposed any mandated government access to consumer data.

“Any proposed solution almost certainly would quickly become a focal point for attacks,” said the unclassified memo, which The Post obtained.

“Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce ‘backdoors’ or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation,” it continued.

National Security Council spokesman Mark Stroh confirmed that “these proposals are not being pursued.”

“The United States government firmly supports the development and robust adoption of strong encryption, while acknowledging that use of encryption by terrorists and criminals to conceal and enable crimes and other malicious activity can pose serious challenges to public safety,” he added in a statement. “The administration continues to welcome public discussion of this issue as we consider policy options.”

Indeed, in recent months, law enforcement officials, such as FBI Director James Comey, have changed their message slightly, urging tech leaders to come to the table and create their own encryption access solution.

“There shouldn’t be venom,” Comey said during an early September House Intelligence Committee hearing. “We should all care about the same thing.”

“I really believe we have not given this the shot it deserves,” he added.

Initially, officials had pressed for possible legislative action that would force companies to decrypt data when compelled by a warrant.

The tech community rebelled, insisting the action was tantamount to requiring encryption “backdoors,” an intentional weakness built in just for government access. Cryptologists and privacy hawks on Capitol Hill maintain that nefarious actors, such as hackers and foreign spies, would inevitably exploit any backdoor.

Opponents would have taken issue with any of the proposals explored in the White House memo.

The first approach would have had companies build a physical, encrypted port for their devices. Law enforcement would need physical access to the device and a warrant to compel the company to unlock this port. The memo noted that while this solution might have high up-front costs, it would mitigate some of the cybersecurity concerns.

The second option would have companies install spyware onto a targeted customer’s device through a regular software update. But the memo cautioned that this approach might make people wary of necessary software updates, which are often used to improve a device’s security.

A third way was actually publicly proffered by National Security Agency Director Adm. Michael Rogers. It involved companies splitting up encryption keys and having different parties control the various pieces. Only with a court order would the keys get recombined. Cryptologists were wary of this proposal when it was initially floated, and the memo conceded that it would be “complex to implement and maintain.”

The final solution would have required companies to store a backup of all data uploaded to an encrypted device in another, unencrypted location.

All four approaches are tantamount to the much-maligned “backdoor,” which is partly why the administration decided not to move forward with any one idea.

Rogers is scheduled to testify before the Senate Intelligence Committee on Thursday, where he is expected to face questions about encryption.