President Obama’s Encryption Stance Clashes with Technology Reality

The Back Page

President Barack Obama was asked about the encryption fight, as personified by the legal fight between the FBI and Apple, and his response is an excellent example of what happens when political will clashes with technology reality.

The president made his comments at South by Southwest (SxSW), where he did a panel with Texas Tribune editor Evan Smith. You can watch that panel in its entirety below. Note that there are 32 minutes of wait at the beginning—skip ahead accordingly. Also note that the interview covers much more than just this one issue and it's worth the watch.

I strongly disagree with the president on this issue, but his comments offered me a moment of clarity that might be worth exploring.

People with strong opinions on the subject of privacy, encryption, and law enforcement come down in four camps that I can identify.

Camp 1: People who believe that the government has no business snooping into our digital stuff, ever, so yay encryption!

Camp 2: People who believe encryption is necessary to protect ourselves from legions of malicious actors on the global stage, and understand that encryption is binary. You either have unbreakable encryption or you have pointless encryption.

Camp 3: People who believe that privacy is important, but believe it is equally (or more) important for law enforcement to be able to get information through a lawful warrant. This camp believes a compromise with the tech world should be reached, suggesting they don't grasp the above-mentioned binary nature of encryption.

Camp 4: People who are pro law-enforcement and pro-national security as viewed through a lens where the binary aspect of encryption is irrelevant. For many members of this camp, if encryption is binary then it's got to go, because nothing is more important than law-enforcement and the subset of national security that is our good guys tracking down the bad guys.

Obviously individuals will have some overlap, and I don't mean for my little list to be some kind of absolute classification. But I believe strongly that understanding people who disagree with you is key to having conversations, and recognizing where someone is coming from is a key component to understanding them.

Me, I'm in Camp 2. I fancy Apple CEO Tim Cook is in that camp, as well, as is former CIA and NSA Director General Michael Hayden. Encryption experts that I've studied over the years appear to be in this camp, too.

Representatives Trey Gowdy (R-SC) and Jim Sensenbrenner (R-WI) are likely in Camp 4, based on their public comments.

President Obama and Microsoft Chairman Bill Gates appear to be in Camp 3. I'd guess that FBI Director James Comey is in that camp, as well.


Comments

MarcusNewton

It saddens me to see the President advocating for a mythical semi-strong encryption that keeps bad guys out but lets good guys in.  I agree with Bryan, encryption is binary.

I thought it was odd, and a bad example, that he would say “If the government can’t get in, everyone is walking around with a Swiss bank account in their pocket.”  Swiss bank accounts do exist and are legal.  So does that mean he is going to outlaw Swiss bank accounts?

Stepping into the conspiracy rabbit hole for a moment, the fact that the President does not seem to fully understand what Apple is trying to protect tells me that the other tech companies already allow backdoors for the government. [exiting rabbit hole]

Something I do not understand is the issue of warrants for digital devices.  For example, if a police officer wants to search my home they need to present to me a warrant before they can conduct their search.  But it seems these digital warrants (or whatever they are called) allow law enforcement to remotely enter, search, and exit the device without the owner of the device ever knowing anyone was there.  If I have that correct, then these digital warrants are no different than covert espionage.

skipaq

The Swiss bank account reference has more to do with money than data. The common thread to them is the government’s inability to get its hands on what is in them. Data feeds the government information it wants and money through taxation gives it the power to do what it wants. Apple has locked the data in our iPhones and has locked up their money overseas. The administration has made it plain that it does not like Apple in these two areas.

aardman

There is also the simple fact that if you break iOS’s built-in encryption, then highly organized terrorists and criminals (the ones who can do real damage) can just install one of the hundred plus 3rd party encryption systems available to the public.  One of those systems was built and released by the US government to aid dissidents abroad, by the way.

Lee Dronick

What he is saying publicly may be different than what he thinks privately.

It will probably end up in the Supreme Court.

ibuck

For many members of this camp (4), if encryption is binary then it’s got to go, because nothing is more important than law-enforcement and the subset of national security that is our good guys tracking down the bad guys.

The issue for me is that we have bad guys that think they are good guys. Guys who believe they can break some parts of the law while enforcing others, and those parts are largely THEIR CHOICE. Some of their thinking is “The end justifies the means,” and some of it is that “rank (or position or a uniform) hath privileges.” That is, that they can do with impunity some things others would get into trouble doing. Thus they feel they are above the law, but probably would not admit it. This may lead to these bad actors behaving as if they were judge, jury and executioner. These bad guys include a sheriff in Polk County, Florida, some others in uniformed law enforcement, and a hostile man currently running for President. And perhaps people in the US Department of Justice.

The problem is that their choice of laws they need not follow are supported by the majority of US citizens (as revealed in polls). These bad actors sometimes object to parts of the law they derisively refer to as “Politically Correct,” despite these parts of the law having been passed by legislative bodies and upheld in our courts.

It is my hope that the judges who will decide this case place more weight on the Constitution and Bill of Rights than on the feelings of these bad (corrupt) guys.

ibuck

The problem is that their choice of laws they need not follow are supported by the majority of US citizens (as revealed in polls).

Correcting for omitted word.  It should read:
The problem is that their choice of laws they need not follow are LAWS supported by the majority of US citizens (as revealed in polls).

vpndev

The big problem for Obama and the FBI is that encryption is not controlled solely by Apple, or the tech companies generally.

The Pandora’s Box has been opened and no amount of wishing will put the technology back inside. And, after the “crypto wars” of the 1990’s, more than a few companies in this area have established themselves overseas - far from the reach of US authorities. There is NO way to eliminate use of encryption by those determined to use it.

Doing what the FBI wants won’t give it much information, if any at all. After all, the shooters totally destroyed their personal phones and ignored this one. But doing what the FBI wants WILL increase the risk for everyone else.

Lee Dronick

Speaking of encryption:

A Linux developer staying in a hotel for a conference has found, with very little experimentation, that he was able to use the establishment’s innovative Android-based room lighting controls to hop onto the network and gain access to the environmental controls in every other room in the hotel.

https://thestack.com/security/2016/03/12/matthew-garrett-android-hotel-light-switches-modbus/

bbh

This debate is driving me more and more into the extreme Libertarian camp. It seems at least one of the sides here has lost sight of who works for who. When “We the People” say STOP, you’ve gone far enough into our privacy, Government’s response should be “yessir”. Instead we get gloom and doom “we’re doing this for your safety” declarations that Government wants more and more despite what “We the People” want. This is the slippery slope to the Police State that most of us, I presume, don’t want.

gnasher729

As an example of how the FBI works in a disingenuous way: One common example that they bring up again and again is a crime victim who has disappeared or has been killed and isn’t able to operate their phone, the phone is available and suspected to hold information that could help solve the crime, it is highly likely that the victim would want the police to have that information, but the phone is locked.

The obvious but not very secure solution is to give your passcode to a trusted person. Obviously not good because that “trusted” person can now sneak into your phone. Here is a safe solution:

Apple sets up a system where they remember a code for you. And they give you a tiny app where you can enter your passcode X and it shows a different passcode Y, or a different passcode Y and it will show your passcode X. The conversion is based on the code that is held by Apple. Nobody can use Y to unlock your phone. There’s no way to find X based on the code Y without getting the code from Apple. But in an emergency the FBI can send your phone number with a warrant to Apple and get the conversion code.

If you don’t want this feature anymore, you just change your passcode from X to Z. Whoever has Y may be able to somehow find your old passcode X, but not Z. Thieves can’t use it, because they would (1) find someone knowing Y, and (2) manage to get a forged search warrant. Parents can’t use it to sneak into their kids’ phones, because they’d need a search warrant.

What would be even better would be a legal framework so that Apple would only have to release the code if there is a search warrant, and if it is in the interest of the phone’s owner. So if you hold your kid’s second number in case they are kidnapped, the police can’t unlock the phone to find evidence of a crime that the kid committed.

webjprgm

@gnasher729 The attack could be either to hack Apple and get the code database or to man-in-the-middle the communication of Y to Apple. You say no one can get X from Y without Apple’s algorithm? Bad assumption. Modern cryptography is based on the assumption that all parties, including the bad guys, know the algorithm so it is the secret that needs to be guarded. Someone could figure out the algorithm. Now if that algorithm were basically encrypting X with an RSA key to create Y, then Apple may have the only copy of the decryption key to turn Y back into X. OK, but then we’re back to the state where the weak point is to hack Apple. This is exactly the same situation where Apple has the only copy of the backdoored iOS. If we are worried about that, then we’re worried about Apple holding our unlock keys in any form.

By the way, if you do want a system of other trusted parties holding your password, I’d prefer it be designed like cold war movie missile keys where there are two keys held by two separate parties so no one entity could secretly use it alone. I don’t 100% trust Apple to not use my password and I don’t trust the government to not use it either, so each would have to hold only half a key.

What would this solve? Per @gnasher729’s idea it is for the case of a victim who cannot unlock the device him/herself and it is in his/her best interest. It does not solve the case of terrorists or criminals since they can just not register their password with any 3rd party. Therefore it is an entirely different debate than the current national encryption debate which focuses on terrorists and criminals.
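
The two-custodian idea discussed in the comments above, sketched as an added example; it is not part of the article or of any commenter's post, and it is not Apple's design. It assumes the X-to-Y conversion is a one-time pad whose key is split 2-of-2 by XOR, so the algorithm is public and only the shares are secret; the function names, the 16-byte width and the sample passcodes are constructed for illustration.

```python
import secrets

WIDTH = 16  # fixed record width so Y does not leak the passcode length (assumed value)


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(p ^ q for p, q in zip(a, b))


def pack(passcode: str) -> bytes:
    """Length-prefix and zero-pad the passcode to WIDTH bytes."""
    x = passcode.encode()
    if len(x) > WIDTH - 1:
        raise ValueError("passcode too long for this record width")
    return bytes([len(x)]) + x + bytes(WIDTH - 1 - len(x))


def enroll(passcode: str):
    """Return (Y, share_a, share_b). Y = X xor K, and K = share_a xor share_b."""
    key = secrets.token_bytes(WIDTH)      # escrow key K, used for this passcode only
    y = xor(pack(passcode), key)          # the value the owner may hand out
    share_a = secrets.token_bytes(WIDTH)  # held by custodian A
    share_b = xor(key, share_a)           # held by custodian B
    return y, share_a, share_b


def recover(y: bytes, share_a: bytes, share_b: bytes) -> str:
    """Both custodians cooperate: rebuild K, then undo the pad."""
    padded = xor(y, xor(share_a, share_b))
    return padded[1:1 + padded[0]].decode("utf-8", "replace")


def consistent_share(y: bytes, share_a: bytes, guess: str) -> bytes:
    """The share_b that would make `guess` the recovered passcode.

    One exists for every guess, which is why Y plus a single share
    tells its holder nothing about the real passcode.
    """
    return xor(xor(y, pack(guess)), share_a)


if __name__ == "__main__":
    y, a, b = enroll("493817")            # constructed sample passcode
    print(recover(y, a, b))
    print(recover(y, a, consistent_share(y, a, "000000")))
```

Changing the passcode means enrolling again with a fresh key, which leaves the old Y and the old shares useless against the new passcode. As the comment notes, the scheme only covers owners who choose to enroll.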

Scott B in DC

It’s all the wrong argument. Encryption is not breakable. What is breakable are the support functions around encryption. Those support functions are the foundation of data security. If you break the foundation the structures fall down, just like if you break the foundation of a building the building will crumble.

Break the foundation and those who want encryption will move elsewhere. The next place is to an off-shore company outside of the United States’ jurisdiction. The islands are nice and warm, mon, and outside of the FBI’s reach!
