The US government looks set to step back from its earlier position on strong encryption, according to a document leaked to the Washington Post.
The US intelligence agencies had been attempting to force technology companies to introduce “backdoors” (security flaws) into their products to allow the authorities access to encrypted communications. However, following a barrage of criticism from security experts and the industry alike, a leaked draft document from the National Security Council (NSC), which was penned in July, suggests the government will now try a softly-softly approach to persuade tech companies to comply.
The US industry has been pushing back hard against government demands that companies such as Apple, which offers end-to-end encryption on some of its messaging products as well as encrypting devices by default, should make provision for government snooping, fearing it would damage customers’ trust and harm their business. Meanwhile, security experts point out that such a move would be counter-productive as any backdoor will, sooner or later, be exploited by cyber criminals or unfriendly states.
The leaked draft NSC document, entitled Review of Strategic Approaches, acknowledges that legislation to allow mandatory backdoors has little chance of being passed in the current climate, although the intelligence services have not entirely given up on the prospect.
An email sent to colleagues in August by intelligence service lawyer Robert S. Litt, which was obtained by the Washington Post, states that while the environment is “very hostile today … it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
Therefore the authorities should be “keeping our options open for such a situation”, Litt argued.
But, even if such a happy opportunity should fail to present itself, the leaked review says the US should seek to differentiate itself from other governments by being seen to support the industry and freedom of communication. Clearly the US is worried about being perceived around the world and by its citizens as a “Big Brother” surveillance state, and the draft paper sets out a timetable of communications by President Obama to counter such impressions.
In September, it says, the president should reach out to “foreign allies to signal our strong resistance to compel access”. There should also be “outreach to US industry, the technology community, and civil society,” and an “attempt to convince other allies to come out with a similar statement at the same time”.
In October, the president should issue a statement “strongly disavowing legislation or other efforts to compel access and calling on US industry to resist efforts by other nations to compel access,” while in November the US will try to build consensus by convening debates about encryption in order to build voluntary cooperation within the industry.
This approach, it hopes, will “remove technology companies most consistent grievance with the Administration, which could improve cooperation across a range of important priorities on technology issues including, but not limited to, encryption”.
The UK government has also been pushing for mandatory backdoors, with the Investigatory Powers Bill due to be debated this autumn.