One-off opposition to calls on Congress from FBI Director James Comey and NSA Director Adm. Mike Rogers to draft a legal framework that would enable law enforcement to access encrypted communication has been scattered at best.

Experts have taken to their own forums to voice opposition to the government’s condemnation of technology companies’ use of strong encryption within their products and relinquishment of key management over that protection. Comey went so far as to say that such means of security would lead us “to a very, very dark place.”

That opposition, however, today was formalized when more than 150 privacy and security activists, along with dozens of technology companies, signed a definitive letter addressed to President Obama, airing out the case for strong encryption as the backbone to the digital economy and personal privacy.

“We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology,” the letter states. “Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad.”

The movement, and coalition of experts and companies, was organized by the Open Technology Institute. The coalition’s letter argues for the benefits of encryption, while pointing out that Rogers’ proposal for a mandatory backdoor—or frontdoor as he calls it—would only create vulnerabilities in products that could be exploited by criminals and nation states interested in profit, corporate espionage, oppressing citizens, or conducting foreign intelligence gathering.

“Knowing that the White House is currently weighing the issue, we thought it important to ensure that President Obama heard now a clear and unified message from the Internet community: encryption backdoors are bad for privacy, bad for security, bad for human rights, and bad for business,” said Kevin Bankston, policy director for the Open Technology Institute. “They’re just bad policy, period.”

The genesis of this discussion started when Apple and Google encrypted iOS and Android devices, respectively, by default; both companies also relinquished their hold on the encryption keys, meaning that even if compelled by the government via a warrant or National Security Letter, neither company would have anything to hand over. The government argues that this greatly inhibits their ability to investigate criminal activity.

The tide may be turning against the anti-encryption movement on the Hill. During a recent House Committee on Oversight and Reform hearing, Rep. Ted Lieu (D-Calif.), who holds a degree in computer science, called the testimony of law enforcement officials offensive and a “fundamental misunderstanding of the problem.” Lieu said Apple and Google’s actions were a response to intelligence agency surveillance activities, and pointed out that private companies don’t have the coercive powers that the government does.

“And to me it’s very simple to draw the privacy balance when it comes to law enforcement privacy. Just follow the damn Constitution. And because the NSA and other law enforcement agencies didn’t do that, you’re seeing a vast public reaction to this,” Lieu said. “Because the NSA, your colleagues, have essentially violated the Fourth Amendment rights of every American citizen for years by seizing all of our phone records and collecting our Internet traffic, that now is spilling over into other aspects of law enforcement.”

Bankston said the coalition’s letter equates to a line in the sand.

“Put simply, it’s time for the White House to come out strong in support of strong encryption, here in the U.S. and around the globe. Securing cyberspace is hard enough without shooting ourselves in the foot with government-mandated vulnerabilities,” Bankston said. “It’s time for America to help lead the world toward a more secure future, rather than toward a digital ecosystem riddled with vulnerabilities of our own making.”

Categories: Critical Infrastructure, Cryptography, Government

Comment (1)

Comments are closed.