Related:

10 July 2015, NYT: Hacking of Government Computers Exposed 21.5 Million People

8 July 2015, NYT: Security Experts Oppose Government Access to Encrypted Communication

6 July 2015, MIT: Computer Science and Artificial Intelligence Laboratory: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (PDF)

20 May 2015, NYT: Tech Giants Urge Obama to Reject Policies That Weaken Encryption

27 September 2014, NYT: Signaling Post-Snowden Era, New iPhone Locks Out N.S.A.
http://www.nytimes.com/2015/10/11/us/politics/obama-wont-seek-access-to-encrypted-user-data.html

OCT. 10, 2015

Obama Won't Seek Access to Encrypted User Data

By NICOLE PERLROTH and DAVID E. SANGER

CUPERTINO, Calif. -- The Obama administration has backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices, concluding that it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit.

With its decision, which angered the F.B.I. and other law enforcement agencies, the administration essentially agreed with Apple, Google, Microsoft and a group of the nation's top cryptographers and computer scientists that millions of Americans would be vulnerable to hacking if technology firms and smartphone manufacturers were required [1] to provide the government with "back doors," or access to their source code and encryption keys.

That would enable the government to see messages, photographs and other data now routinely encrypted on smartphones. Current technology puts the keys for access to the information in the hands of the individual user, not the companies.

The first indication of the retreat came on Thursday, when the F.B.I. director, James B. Comey, told the Senate Homeland Security and Governmental Affairs Committee that the administration would not seek legislation to compel the companies to create such a portal.

But the decision, made at the White House a week ago, goes considerably beyond that.

While the administration said it would continue to try to persuade companies like Apple and Google to assist in criminal and national security investigations, it determined that the government should not force them to breach the security of their products. In essence, investigators will have to hope they find other ways to get what they need, from data stored in the cloud in unencrypted form or transmitted over phone lines, which are covered by a law that affects telecommunications providers but not the technology giants.

Mr. Comey had expressed alarm a year ago after Apple introduced an operating system that encrypted virtually everything [2] contained in an iPhone. What frustrated him was that Apple had designed the system to ensure that the company never held on to the keys, putting them entirely in the hands of users through the codes or fingerprints they use to get into their phones. As a result, if Apple is handed a court order for data -- until recently, it received hundreds every year -- it could not open the coded information.

Mr. Comey compared that system to the creation of a door no law officers could enter, or a car trunk they could not unlock. His concern about what the F.B.I. calls the "going dark" problem received support from the director of the National Security Agency and other intelligence officials.

But after a year of study and extensive White House debate, President Obama and his advisers have reached a broad conclusion that an effort to compel the companies to give the government access would fail, both politically and technologically.

"This looks promising, but there's still going to be tremendous pressure from law enforcement," said Peter G. Neumann, one of the nation's leading computer scientists and a co-author of a paper [3] that examined the government's proposal for special access. "The N.S.A. is capable of dealing with the cryptography for now, but law enforcement is going to have real difficulty with this. This is never a done deal."

In the paper, released in July, [4] Mr. Neumann and other top cryptographers and computer scientists argued that there was no way for the government to have a back door into encrypted communications without creating an opening that would be exploited by Chinese and Russian intelligence agents, cybercriminals and terrorist groups.

Inside the White House, the Office of Science and Technology Policy came largely to the same conclusion. Those determinations surprised the F.B.I. and local law enforcement officials, who had believed just months ago that the White House would ultimately embrace their efforts.

The intelligence agencies were less vocal, which may reflect their greater capability to search for and gather information. The National Security Agency spends vast sums to get around digital encryption, and it has tools and resources that local law enforcement officials still do not have and most likely never will.

Disclosures by the former N.S.A. contractor Edward J. Snowden showed the extent of the agency's focus on cracking and circumventing the encryption of digital communications, including those of Apple, Facebook, Google and Yahoo users.

There were other motivations for the administration's decision. Mr. Obama and his aides had come to fear that the United States could set a precedent that China and other nations would emulate, requiring Apple, Google and the rest of America's technology giants to provide them with the same access, officials said.

Timothy D. Cook, the chief executive of Apple, sat at the head table with Mr. Obama and Xi Jinping, the Chinese president, at a state dinner [5] at the White House last month. According to government officials and industry executives, Mr. Cook told Mr. Obama that the Chinese were waiting for an opportunity to seize on administration action to insist that Apple devices, which are also encrypted in China, be open to Beijing's agents.

In January, three months after Mr. Comey began pressing companies for special government access, Chinese officials had threatened [6] to do just that: They considered submitting foreign companies to invasive audits and requiring them to build back doors into their hardware and software. Those rules have not been put into effect.

The Obama administration's position was also undercut by officials' inability to keep their own data safe from Chinese hackers, as shown by the extensive cyberattack [7] at the Office of Personnel Management discovered this year. That breach, and its aftermath, called into question whether the government could keep the keys to the world's communications safe from its adversaries in cyberspace.

White House officials said they would continue trying to persuade technology companies to help them in investigations, but they did not specify how.

"As the president has said, the United States will work to ensure that malicious actors can be held to account, without weakening our commitment to strong encryption," said Mark Stroh, a spokesman for the National Security Council. "As part of those efforts, we are actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors' use of their encrypted products and services. However, the administration is not seeking legislation at this time."

But here in Silicon Valley, executives did not think the government's announcement went far enough.

According to administration officials and technology executives, Mr. Cook of Apple has pressed the White House for a clear statement that it will never seek a back door in any form, legislative or technical -- a statement he hoped to take to Beijing, Moscow and even London. Prime Minister David Cameron of Britain has threatened [8] to ban encrypted devices and services, like the iPhone and Facebook's popular WhatsApp messaging service, but has done nothing so far to make good on that threat.

Technology executives are determined to reassure customers abroad that American intelligence agencies are not reading their digital communications. It is an effort driven by economics: 64 percent of Apple's revenue originates overseas.

Apple, Google, Facebook and Microsoft argue that people put not only their conversations but their entire digital lives -- medical records, tax returns, bank accounts -- into a device that slips into their pocket. While Mr. Obama has repeatedly said he is sympathetic to the concerns of law enforcement officials, he made clear during a visit to Silicon Valley in February that he was also aware of privacy concerns and that he sought to balance both interests.

Technologists responded that, with regard to encryption, no such balance existed. "The real problem is, I don't see any middle ground for dumbing down everything to make special access possible and having the secure systems we need for commerce, government and everything else," Mr. Neumann said.

[1] http://www.nytimes.com/2015/05/20/technology/tech-giants-urge-obama-to-reject-policies-that-weaken-encryption-technology.html

[2] http://www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-signaling-a-post-snowden-era-.html

[3] http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf

[4] http://www.nytimes.com/2015/07/08/technology/code-specialists-oppose-us-and-british-government-access-to-encrypted-communication.html

[5] http://www.nytimes.com/2015/09/26/world/asia/state-dinner-for-xi-jinping-has-high-tech-flavor.html

[6] http://www.nytimes.com/2015/01/29/technology/in-china-new-cybersecurity-rules-perturb-western-tech-companies.html

[7] http://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html

[8] http://bits.blogs.nytimes.com/2015/01/12/british-prime-minister-suggests-banning-some-online-messaging-apps/