Capitol Hill privacy hawks and digital rights groups are pressing President Obama to publicly disavow any guaranteed government access to encrypted data after winning small concessions in recent weeks.
For the last year, Silicon Valley, privacy advocates and a bipartisan coalition of lawmakers have been sparing with the administration over what they see as a lack of support for total online privacy. But in recent weeks, leaked memos have shown the White House potentially backpedaling from its desire for a technological solution that would let investigators bypass encryption.
Privacy advocates and major tech companies have jumped on these signals, petitioning the White House this week and imploring Obama to support robust encryption, even if it locks out law enforcement. Doing so, they say, would affirm a U.S. commitment to human rights, stymie hackers, help tech firms compete abroad and set an example for the world as countries determine how to regulate the Internet.
“The administration has a real moment right now when they can define encryption policy and really set the tone not just in the U.S., but in the rest of the world,” said Neema Singh Guliani, a legislative counsel with the American Civil Liberties Union (ACLU), part of the coalition that launched the petition.
The FBI and Department of Justice (DOJ) have long countered that Congress and tech companies should instead help solve what they call the “going dark” problem. Because of unbreakable encryption, officials say investigators can’t get at digital data, even when armed with a warrant. The result will soon be a haven for criminals and terrorists, they say.
The White House petition this week urged the president to split from the FBI and DOJ.
“Publicly affirm your support for strong encryption,” it said. “Reject any law, policy, or mandate that would undermine our security.”
Technologists unanimously agree that any method ensuring access to encrypted data exposes that information to hackers and nefarious actors, “jeopardizing the security of communications systems generally,” Guliani said.
After four days, the petition was nearly a fifth of the way to the 100,000 signatures required in 30 days to trigger a White House response.
The appeal has broad tech backing. Top digital rights advocates like the Electronic Frontier Foundation and major industry groups like the Computer and Communications Industry Association were signed on, as were Silicon Valley bigwigs like Twitter and preeminent privacy-focused tech companies like DuckDuckGo, Silent Circle and the Tor Project.
The argument also has support from Capitol Hill’s digital privacy-minded wing.
“The White House, like members of Congress, have to balance a lot of different issues,” said Rep. Ted Lieu (D-Calif.), who has a computer science degree from Stanford University and hammered FBI officials over their encryption stance in a series of hearings this year.
“The FBI is pretty much focused solely on one issue, which is law enforcement,” Lieu added in an interview with The Hill. “That’s their mission. I get it. That’s important. But there’s more to this issue than just law enforcement’s view. You have to look at the consumer’s point of view, you have to look at the tech industry, you have to look at how this affects how we interact with other countries.”
Sen. Ron Wyden (D-Ore.), a staunch digital privacy advocate, was more direct.
“Immediately after FBI Director [James] Comey said that he was going to push for [guaranteed access], I said, let’s be clear what this is all about,” he told The Hill. “It’s essentially requiring American companies to build weaknesses into their products.”
The attempt to force Obama’s hand comes on the heels of several White House disclosures that exposed the administration’s internal encryption debate.
First, it came out that a pro-encryption faction within the administration was working to convince Obama to publicly endorse widespread encryption.
Then last week, a leaked internal memo showed the White House had considered, but then dismissed, four possible approaches that would have let investigators bypass encryption.
Each proposal would have been a non-starter with the tech community, said Joe Hall, chief technologist with the Center for Democracy and Technology (CDT), which was also behind the petition. He found it “shocking” the administration had even considered some of the options, particularly one that would have required companies to build a physical, encrypted port into all devices.
But combined, the incidents gave technologists and privacy advocates a glimmer of hope in their entrenched battle over encryption with the Obama administration.
“I’m pleased,” Lieu said. “I think it’s because members of Congress have really pushed back against law enforcement at many of our committee hearings. I think that’s having an effect.”
And with countries around the world advancing a series of laws to force companies to weaken their encryption, it’s imperative that Obama move expediently in the opposite direction, privacy advocates argue.
India just withdrew a draft law that would have required Internet users to retain copies of messages sent over encrypted services, including Twitter and Facebook, but may bring it back up in the future.
China is considering its own laws that businesses worry will force them to use Beijing-approved encryption.
In France, civil rights activists are protesting a potential law nearing passage that would allow spying on overseas communications. And in the nearby United Kingdom, the government is expected to soon present a bill to Parliament that could ban encrypted apps and require companies to turn over consumer data.
“It is really incumbent on the administration to take a strong position on this now,” Guliani said. “It’s going to be a real important demonstration for the rest of the world.”
But there are considerable opposing forces, even within Obama’s own party, that want the White House to stay the course.
Unbreakable encryption is “a huge blind spot for our intelligence officials, for law enforcement, for national security-related purposes,” said Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus. “I am deeply concerned about that vulnerability.”
Congress and the administration need to continue exploring options for securing data, but maintaining access when needed, Langevin said.
“We have to wrestle with this equation,” he told The Hill. “And I don’t know exactly how we do this yet or what the right answer is, but hopefully we’ll come to some kind of reasonable solution. But we are not close yet.”
Rep. Bennie Thompson (D-Miss.), the top Democrat on the House Homeland Security Committee, agreed.
“Doing nothing is not a solution,” he said. “So while the administration might be backing off for whatever reason, we still have to go forward and see how we can protect our systems.”
With these countervailing factions, the intractable battle may continue for some time.
“If it doesn’t happen we’re all prepared to fight forever,” said CDT’s Hall. “It’s not like we’re going to go away.”
— Updated 8:13 a.m.