Obama edges toward full support for encryption – but does he understand what that means?
Leaked doc says no backdoors, doesn't grasp basics of crypto
The Obama Administration is weighing whether to come out in full support of unfettered encryption, something that would be a huge blow to the Feds, who have been pushing for compulsory backdoors in all new tech.
But there's something in the President's proposals that aren't quite right.
The first would make it plain that the President opposes both a new law and other actions to introduce backdoors, and would see him speak in favor of the benefits of encryption.
The second option is to defer any decisions and push the issue into open consultation with the aim of coming back to the issue. And the third is to punt the issue into the long grass.
There is no option to push encryption, or to seek legislation for a compulsory backdoor.
Each option is provided with a rundown of the pros and cons of each approach and how it would likely be received by key stakeholder groups such as the tech industry, law enforcement, and civil society.
It's an old public policy trick to provide three options and then make two so unpalatable that the third – the right one – is chosen. In this case, only the "do nothing" option is off the table, amid the suggestion that it would make the US look indecisive, would annoy everyone, and would only be putting the issue off for a few months.
The second option is pitched as presenting a compromise that would allow the Administration to negotiate with other governments and the tech industry.
Neither are as strongly represented, however, as the first option to speak out in favor of encryption. It states: "Overall, the benefits to privacy, civil liberties, and cybersecurity gained from encryption outweigh the broader risks that would have been created by weakening encryption." It then goes on to press all the right buttons.
What are the pros and cons?
The proposal to both come out in favor of encryption and "disavow legislation and other compulsory actions" acknowledges that it would cause annoyance on the part of law enforcement, and that it would go against some allies' positions (including the UK), but it lists a series of positives from the government perspective.
Such a move would encourage better cooperation from the tech industry, which would improve public safety and national security (the US government recently announced an effort to share details of security holes in software, for example).
It would also grow the country's economy, as it would show that US products are not tools for government surveillance and "would clearly differentiate U.S. policy from moves by China and others to mandate decryption." Google, Apple, Amazon, and a significant number of other large tech companies have previously complained that the Snowden revelations have undermined people's faith in their products and caused economic losses.
Such an approach would also bolster trust in the US government. The memo doesn't mention Edward Snowden (the US government is never keen on mentioning his name) but it does note that the proposal "counters the narrative that the United States is seeking to expand its surveillance capability at the expense of cybersecurity, and could help repair trust in the United States Government and U.S. companies overseas."
The move would please civil liberties groups, could aid in trade negotiations, and would end up the "strongest option" overall, the memo states.
Sponsored: 2016 Cyberthreat defense report