Darkness?

In the wake of our recent, terrific panel on the “Going Dark?” debate, today the New York Times brings what appears to be big news from the executive branch:

The Obama administration has backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices, concluding that it is not possible to give American law enforcement and intelligence agencies access to that information without creating an opening that China, Russia, cybercriminals and terrorists could also exploit.

With its decision, which angered the F.B.I. and other law enforcement agencies, the administration essentially agreed with Apple, Google, Microsoft and a group of the nation’s top cryptographers and computer scientists that millions of Americans would be vulnerable to hacking if technology firms and smartphone manufacturers were required to provide the government with “back doors,” or access to their source code and encryption keys. . . .

In [a] paper, released in July, [Peter G.] Neumann and other top cryptographers and computer scientists argued that there was no way for the government to have a back door into encrypted communications without creating an opening that would be exploited by Chinese and Russian intelligence agents, cybercriminals and terrorist groups.

Inside the White House, the Office of Science and Technology Policy came largely to the same conclusion. Those determ.inations surprised the F.B.I. and local law enforcement officials, who had believed just months ago that the White House would ultimately embrace their efforts.

The Times story raises at least two follow-up questions that will warrant close attention:

1. What will China and other nations do?

The administration’s decision reportedly was based largely upon the assumption that if the U.S. required some form of access, so, too, would China:

Mr. Obama and his aides had come to fear that the United States could set a precedent that China and other nations would emulate, requiring Apple, Google and the rest of America’s technology giants to provide them with the same access, officials said.

Timothy D. Cook, the chief executive of Apple, sat at the head table with Mr. Obama and Xi Jinping, the Chinese president, at a state dinner at the White House last month. According to government officials and industry executives, Mr. Cook told Mr. Obama that the Chinese were waiting for an opportunity to seize on administration action to insist that Apple devices, which are also encrypted in China, be open to Beijing’s agents.

In January, three months after Mr. Comey began pressing companies for special government access, Chinese officials had threatened to do just that: They considered submitting foreign companies to invasive audits and requiring them to build back doors into their hardware and software. Those rules have not been put into effect. . . .

According to administration officials and technology executives, Mr. Cook of Apple has pressed the White House for a clear statement that it will never seek a back door in any form, legislative or technical — a statement he hoped to take to Beijing, Moscow and even London.  Prime Minister David Cameron of Britain has threatened to ban encrypted devices and services, like the iPhone and Facebook’s popular WhatsApp messaging service, but has done nothing so far to make good on that threat.

What if China and/or the U.K. nevertheless proceed to require companies to provide them with some form of access, as a condition of doing business in their nations?  Will U.S. and foreign companies comply?  And if they do, will that, in turn, reopen the debate here in the U.S.?

2.  What About the NSA’s Capabilities?

The Times story includes this intriguing paragraph:

The intelligence agencies were less vocal [than law enforcement agencies in urging support of legislation], which may reflect their greater capability to search for and gather information.  The National Security Agency spends vast sums to get around digital encryption, and it has tools and resources that local law enforcement officials still do not have and most likely never will.

Perhaps the answer to this question is obvious–and, if so, my fellow bloggers can weigh in–but if the NSA has “tools and resources” that ameliorate its concerns, why is it “most likely” that law enforcement couldn’t or wouldn’t insist upon being able to make use of those same capabilities?  Does the law prohibit their use inside the United States?  Some other reason? 

About the Author(s)

Marty Lederman

Professor at the Georgetown University Law Center Follow him on Twitter (@marty_lederman).