The Obama Administration’s Encryption Views Are All Over the Map

From left, FBI Director James Comey, CIA Director John Brennan, and Director of National Intelligence James Clapper sit together in the front row before President Barack Obama spoke about National Security Agency (NSA) surveillance, Friday, Jan. 17, 2014,

Carolyn Kaster/AP

AA Font size + Print

From left, FBI Director James Comey, CIA Director John Brennan, and Director of National Intelligence James Clapper sit together in the front row before President Barack Obama spoke about National Security Agency (NSA) surveillance, Friday, Jan. 17, 2014,

Some government officials are focused on catching criminals, while others worry about empowering hackers.

The wide­spread use of en­cryp­tion is mak­ing it in­creas­ingly dif­fi­cult for the gov­ern­ment to catch gang­sters, child pred­at­ors, and ter­ror­ists, a top Justice De­part­ment of­fi­cial warned Monday at a tech­no­logy-policy con­fer­ence.

“The De­part­ment of Justice is com­pletely com­mit­ted to seek­ing and ob­tain­ing ju­di­cial au­thor­iz­a­tion for elec­tron­ic evid­ence col­lec­tion in all ap­pro­pri­ate cir­cum­stances,” Leslie Cald­well, the head of the Justice De­part­ment’s Crim­in­al Di­vi­sion, said in a speech to the State of the Net Con­fer­ence. “But once that au­thor­iz­a­tion is ob­tained, we need to be able to act on it if we are to keep our com­munit­ies safe and our coun­try se­cure.”

But just minutes after Cald­well fin­ished her speech, an­oth­er top Obama ap­pointee took the stage at the New­seum in Wash­ing­ton, D.C. to de­liv­er al­most the ex­act op­pos­ite mes­sage to the audi­ence of tech-in­dustry in­siders: En­cryp­tion helps pro­tect con­sumers from hack­ers, ar­gued Ter­rell Mc­Sweeny, a Demo­crat­ic mem­ber of the Fed­er­al Trade Com­mis­sion.

“As a per­son charged with think­ing about con­sumer pro­tec­tion, I deeply worry about things like man­dat­ory back­doors,” Mc­Sweeny said. “We need to be very mind­ful of con­sumer data se­cur­ity, and we should be very, very care­ful about any­thing that un­der­mines that data se­cur­ity.”

The com­ments are just the latest ex­ample of top Obama ad­min­is­tra­tion of­fi­cials of­fer­ing con­flict­ing views on how to ad­dress the grow­ing use of en­cryp­tion, which can thwart both law en­force­ment agents and crim­in­als from gain­ing ac­cess to sens­it­ive data.

See also: ISIS-Endorsed Encryption Provider to Begin Screening Customers

FBI Dir­ect­or James Comey ig­nited the de­bate over en­cryp­tion with a speech in 2014, in which he warned that crim­in­als are in­creas­ingly “go­ing dark” from gov­ern­ment sur­veil­lance.

The FTC is an in­de­pend­ent agency, so Mc­Sweeny isn’t re­quired to be in lock­step with the FBI or any oth­er part of the ex­ec­ut­ive branch. The com­mis­sion reg­u­lates con­sumer-pro­tec­tion is­sues, in­clud­ing pri­vacy and data se­cur­ity. But Mc­Sweeny is not the only of­fi­cial to ex­press con­cerns with policies that could weak­en en­cryp­tion.

Spend­ing time ar­guing about, ‘Hey, en­cryp­tion is bad and we have got to do something about it’—that is a waste of time to me.
Adm. Mike Rogers, director of the NSA

Even Na­tion­al Se­cur­ity Agency Dir­ect­or Mike Ro­gers said last week that “en­cryp­tion is found­a­tion­al to our fu­ture” and that un­der­min­ing en­cryp­tion could lead to more massive hacks, like the breach of mil­lions of fed­er­al re­cords at the Of­fice of Per­son­nel Man­age­ment, which was al­legedly con­duc­ted by Chinese hack­ers. “Spend­ing time ar­guing about, ‘Hey, en­cryp­tion is bad and we have got to do something about it’—that is a waste of time to me,” Ro­gers said in a dis­cus­sion at the At­lantic Coun­cil.

As the head of the NSA, Ro­gers has com­pet­ing in­terests when it comes to cy­ber­se­cur­ity. Strong “end-to-end” en­cryp­tion, in which mes­sages are in­ac­cess­ible even to the tech com­pan­ies trans­mit­ting the data, makes it harder for the NSA to con­duct sur­veil­lance. But the NSA’s mis­sion is also to pro­tect U.S. net­works from for­eign hack­ers—a job that’s made easi­er by stronger se­cur­ity meas­ures.

That ten­sion between en­sur­ing leg­al gov­ern­ment ac­cess to data while keep­ing out hack­ers is at the heart of the ad­min­is­tra­tion’s con­flic­ted ap­proach to en­cryp­tion. Most tech­no­logy ex­perts warn that any “back­door” for gov­ern­ment ac­cess can, at least in the­ory, also be ex­ploited by hack­ers.

After a lengthy in­tern­al de­lib­er­a­tion, the White House con­cluded last year that it would not ask Con­gress to pass le­gis­la­tion en­sur­ing gov­ern­ment ac­cess to en­cryp­ted data. In­stead, the White House is fo­cused on work­ing with tech com­pan­ies to try to find some oth­er vol­un­tary solu­tion to ad­dress the is­sue. Seni­or ad­min­is­tra­tion of­fi­cials, in­clud­ing White House Chief of Staff Denis Mc­Donough, met with CEOs of ma­jor tech com­pan­ies in San Jose, Cali­for­nia earli­er this month to dis­cuss en­cryp­tion (among oth­er is­sues).

But the White House’s de­cision hasn’t settled the de­bate in Con­gress. Sen­ate In­tel­li­gence Com­mit­tee Chair­man Richard Burr and rank­ing mem­ber Di­anne Fein­stein are work­ing on le­gis­la­tion to force tech com­pan­ies to com­ply with court or­ders for data. Sen. Mark Warner, a Vir­gin­ia Demo­crat, and House Home­land Se­cur­ity Chair­man Mi­chael Mc­Caul, a Texas Re­pub­lic­an, want to take a more cau­tious ap­proach and cre­ate a com­mis­sion to study the is­sue more thor­oughly.

Read more: Obama’s Dog Whistle on Encryption

For the pro­ponents of gov­ern­ment ac­cess to data, the ter­ror­ist at­tacks last year in Par­is and San Bern­ardino ad­ded even more ur­gency to the de­bate. Speak­ing at Monday’s tech con­fer­ence, the Justice De­part­ment’s Cald­well said that a shoot­er in Gar­land, Texas last year sent more than 100 text mes­sages to an over­seas ter­ror­ist.

“We have no idea what he said be­cause it was en­cryp­ted,” she said. “That is a big prob­lem. We have to grapple with it.”

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    View
  • Military Readiness: Ensuring Readiness with Analytic Insight

    To determine military readiness, decision makers in defense organizations must develop an understanding of complex inter-relationships among readiness variables. For example, how will an anticipated change in a readiness input really impact readiness at the unit level and, equally important, how will it impact readiness outside of the unit? Learn how to form a more sophisticated and accurate understanding of readiness and make decisions in a timely and cost-effective manner.

    View
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    View
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    View
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    View

When you download a report, your information may be shared with the underwriters of that document.