19 May 2015, Civil Society Organizations, Companies and Trade Associations, Security and Policy Experts: Letter to Pres. Obama re. strong encryption technology, U.S. technology industry (PDF)
MAY 19, 2015
Tech Giants Urge Obama to Reject Policies That Weaken Encryption
By NICOLE PERLROTH
SAN FRANCISCO -- A collection of tech industry giants like Facebook, Google, Apple and Microsoft, as well as civil liberties organizations and Internet security experts, sent a letter to President Obama on Tuesday warning of the unintended consequences of any policy meant to weaken the encryption technologies that protect Internet communications.
The White House has been weighing whether to mandate that companies use only forms of encryption that provide law enforcement with the means for unscrambled access -- a so-called back door.
Critics in the technology industry are concerned that a back door for law enforcement in the United States would be a back door for everyone, including other governments and hackers. One Yahoo executive likened the proposal to "drilling a hole in the windshield."
"We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products," the letter to President Obama said. "We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology."
Google, Facebook, Apple and other tech companies have been moving to encrypt customers' communications so that the government cannot monitor them without going directly to the customer. The companies' efforts have been criticized by some in law enforcement who argue the toughened encryption will stymie their investigations.
The White House is weighing a proposal in which parts of the key to unlock digital encryption would be held by the government, and part would be held by the companies. That system was articulated by Michael S. Rogers, director of the National Security Agency, in a recent speech at Princeton University. He called for a compromise in the form of "key escrow," where the government would hold onto part of the encryption key and companies would hold onto the other, and it would be secured with "multiple locks -- big locks."
But technologists say such a solution simply does not work. The White House's own handpicked National Security Agency review group members, several of whom signed the letter on Tuesday, also recommended that the government support efforts to advance strong encryption.
The letter was signed by more than 140 tech companies and dozens of civil liberty, human rights and press freedom groups like the Electronic Frontier Foundation, Human Rights Watch and the Reporters Committee for Freedom of the Press. It was also signed by 60 security and policy experts including Whitfield Diffie, one of the co-inventors of the public key cryptography commonly used on the Internet today, and the former White House counterterrorism czar Richard A. Clarke, who was one of a handful of experts the White House asked to review its security policies after the revelations by Edward J. Snowden.
Apple recently switched on end-to-end encryption in its mobile operating system. Facebook turned on similar encryption in its WhatsApp messaging service. And Google has unveiled an end-to-end encryption system but has yet to turn it on as the default setting. Once it does, law enforcement will have to go directly to the user, not the companies, to read those messages.
Inside the United States, the most vocal critic of tougher encryption has been James B. Comey, the director of the Federal Bureau of Investigation. After Apple and Google's encryption announcements last fall, Mr. Comey told an audience that "encryption threatens to lead all of us to a very dark place."
"Sophisticated criminals will come to count on these means of evading detection," Mr. Comey said. "It's the equivalent of a closet that can't be opened. A safe that can't be cracked. And my question is, At what cost?"
But technologists say the government's arguments hold little water. "The president has been letting his top intelligence and law enforcement officials criticize companies for making their devices more secure, and letting them suggest that Congress should pass anti-encryption, pro-back-door legislation," Kevin Bankston, the co-director of New America's Cybersecurity Initiative, said Tuesday. "That's despite unanimous consensus in the technical community that back doors are bad for security, and despite lawmakers clearly signaling that they think it's a bad idea."
At a security conference last month, the nation's leading cryptographers sharply criticized the notion that the government has a safe way to read encrypted communications. "Technically speaking, there's a serious misunderstanding about key escrow," said Ron Rivest, one of the inventors of the widely used RSA encryption algorithm. "The head of the N.S.A. is misusing this idea."
Paul Kocher, president of Rambus's Cryptography Research division, said the government was mistaken in believing it could apply the Communications Assistance for Law Enforcement Act, which requires telecommunications companies to build allowances for law enforcement surveillance into cryptographic software.
"The amount of information that intelligence officials are collecting -- even if some sources go dark -- is dramatically more than it's been in history," Mr. Kocher said at a security conference last month. "The idea that we need to stop rolling out technology to keep our industries and businesses safe to keep a few sources from going dark is certainly not a trade-off."