Obama brain trust sidesteps mandatory hackers' backdoor idea
Accessible encryption given boot for being too hard, rather than for being morally suspect
An Obama administration working group mulled four mechanisms for breaking the encrypted smartphones of terrorist and criminal suspects before rejecting them all as too politically fraught or impractical.
While planting backdoors was "technically feasible", each method risked becoming a focus of attacks by third parties and posed a risk to relations with tech firms, who might be less inclined to co-operate with other initiatives as a result.
Law enforcement officials and intel agencies have heightened warnings over the last year or so that web communications are going dark due to greater use of encryption in the latest generation of smartphones and messaging apps.
Spooks want access to any communications via a warrant, but that's simply not possible if well engineered end-to-end encryption has been applied.*
The working group considered four technical methods towards implementing what is described as "accessible encryption" – an emphasis independent security experts were quick to mock as like TSA-compliant locks on suitcases.
One of the main candidates for working around encryption was compromising vendors' update channels, an approach deemed unwieldy and problematic because it relied on users applying updates. Forced back-up and splitting of encryption keys, an option floated by NSA director Michael S Rogers earlier this year, were also considered. Adding a new physical, encrypted port to their devices for access by law enforcement was looked at but was considered too costly.
“Any proposed solution almost certainly would quickly become a focal point for attacks,” said the unclassified memo, put together by officials from law enforcement, intelligence, diplomatic and economic agencies for eventual debate by Cabinet members, the Washington Post reported.
“Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce ‘backdoors’ or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation,” the memo said.
Instead of developing a 21st century equivalent to the infamous Clipper Chip of the '90s, governments should agree a framework with industry that respected key principles such as no backdoors and so-called “golden keys” for the government to gain access to data.
The whole discussion represents the results of a technical evaluation of encryption policy options for the Obama administration. A leaked memo from the National Security Council, published by The Washington Post earlier this month, lays out the political options facing Obama in handling the encryption issue over the last year or so of his presidency, as explained in our earlier story here. ®
* Even without a convenient backdoor the situation is far from hopeless for police and intel agencies. Mistakes made by suspects or weak passwords can offer a way in, as has been demonstrated on numerous occasions.