What Does Obama's Cryptic Message on Technology Really Mean?
For only the third time in his presidency, President Obama delivered a Sunday night address from the Oval Office, to assure the nation that the White House has a distinct, four-part plan to address the threat of terrorism in the wake of the shooting that took the lives of 14 people in San Bernardino.
In his plan, which can be read in full here, he left a tiny, cryptic message for Silicon Valley: "I will urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice."
The language is vague — he could be talking about any use of technology that allows for the evasion of capture or detection. But for surveillance experts and those who have been following the unravelling saga of government spying since the Snowden leaks, what the president is alluding to is all too specific and clear: weakening encryption standards.
Since the attacks on Paris, the debate over what to do about encryption, the algorithmic scrambling of information that keeps communications safe from snooping, has come under consideration by politicians and national security officials once again — regardless of the fact that the most recent intel suggests the Paris attacks were planned without using encrypted systems.
Hillary Clinton has repeatedly asked Silicon Valley to find some sort of compromise with government officials, and intelligence and law enforcement like CIA Director John Brennan and NYPD Commissioner Bill Bratton have both called upon Silicon Valley to find a solution that prevents terrorists and other malicious actors from communicating online without also allowing U.S. security to peek in.
But while pundits and politicians claim that Silicon Valley is being resistant out of selfishness or lack of compliance, what legislators are really asking technologists to provide is either impossible or dangerous to Internet security.
Here's the problem: Weakening encryption doesn't really make sense. Tech giants like Google, Apple, Twitter, LinkedIn, Facebook, Tumblr, Yahoo, Snapchat, Dropbox and Microsoft are almost unanimously opposed to weaker encryption standards. These companies and many others have taken a stand against encryption standards that are either weak enough to be easily broken or include some sort of "backdoor" that would let federal agents in.
"It may make someone feel good for a moment, but it's not really of benefit," Apple CEO Tim Cook told the Telegraph last month. "If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It's the good people. The other people know where to go."
Why it's so tough to weaken encryption: Encrypting a message or website is done by running it through a mathematical algorithm, and the only way to "weaken" it would be to make the algorithm not strong enough to work properly, or to introduce a terminal flaw in that math so that it could be exploited by anyone — NSA and black-hat hackers alike.
Asking for encryption with backdoors is like asking for a submarine with a screen door that's supposed to allow in only one type of fish, but not the ocean. It's like asking for guns that fire for everyone except jihadists.
In the 1970s, the struggle against encryption was called the Crypto Wars, and the U.S. government's approach was to try to classify encryption as an exportable war munition. Eventually these proposals were beat back, largely by privacy protesters who demonstrated the absurdity of those proposals by doing things like printing the source code for RSA encryption on T-shirts to show how absurd it was to try to make an algorithm illegal.
The sort-it-out-yourselves approach: Unlike intelligence officials looking for increased surveillance or presidential candidates making stump speeches, the Obama administration has taken a much more sensible approach in the past. It hasn't pursued laws to create encryption backdoors.
"The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry," FBI Director James B. Comey said at a Senate hearing in October.
Jihadists use the same Internet tools we use for casual communication. They use social media like Twitter to spread propaganda, and they use custom encryption packages to communicate privately, the same way a reporter might chat with a source off the record.
It's unreasonable to blame Silicon Valley, as some have done, for not somehow finding an instant solution that would rid the Web of jihadist communication, because the damage done to their Internet is damage done to ours as well. The push to weaken encryption ignores the reality of how encryption works, and how vital it is to Internet security. All it does is turn the tech industry into an easy scapegoat.