After the recent attacks in Paris and San Bernardino, encryption has once again become a political target in Washington. Despite there still being no solid evidence the attackers benefited from or even used encryption (in at least one case, they coordinated via distinctly unencrypted text messages) law enforcement and national security hawks have used the tragedies to continue pressing tech companies to give the US government access to encrypted communications—even if that means rolling back security and changing the nature of their businesses.
At a Senate Judiciary Committee hearing on Wednesday, FBI director James Comey went so far as to suggest that companies providing users with end-to-end encryption might need to simply, well, stop doing that.
"It's not a technical issue, it's a business model question," said Comey, referring to companies like Apple and WhatsApp which encrypt data so that it can't be read by any third party, including the companies themselves. "Lots of good people have designed their systems and their devices so that judges' orders can not be complied with, for reasons that I understand, I'm not questioning their motivations."
"The question we have to ask is: should they change their business model?"
It's a pivot from the FBI's past arguments in crypto debates, which advocated inserting government backdoors to guarantee access for law enforcement. Experts universally dismissed the idea as dangerous and technically impossible to achieve without making users more vulnerable to criminal hackers and foreign spies.
"First Comey wanted backdoors into encryption. All the experts said 'you can't do that,' so now he's defaulting to a new position which is, 'Just don't do it. Don't deploy end-to-end encryption,'" said Kevin Bankston, the director of the New America Foundation's Open Technology Institute, in an interview with Motherboard.
"It's basically saying the US tech sector should abandon the most secure and the fastest-growing sector of the communications economy and leave it to foreign companies and service providers" to make end-to-end encryption apps, Bankston said. This would cause terrorists, criminals, and all the other bad guys the FBI is worried about to simply gravitate toward those foreign apps and services. "Meanwhile, Americans will be left less secure and the information economy will be hobbled."
Comey's comments contrast with another development on the encryption front. Last night, the White House issued a promising (albeit non-committal) response to a petition calling for President Obama to reaffirm his support for strong encryption.
The letter, authored by Deputy US Chief Technology Officer Ed Felten and White House cybersecurity czar Michael Daniel, served as an open invitation to comment on the encryption issue, opening a web portal for public comments. The letter also says that administration officials will be meeting with the petition's creators later this week.
"It is critical that the government, the private sector, and other experts regularly engage to understand the impacts of encryption on national security, public health and safety, economic competitiveness, privacy, cybersecurity, and human rights around the world," the White House letter reads, while also encouraging "America's technology community and law enforcement and counterterrorism officials to work together to fight terrorism."
The petition, started by the Electronic Frontier Foundation and Access Now, received over 104,000 signatures and was supported by dozens of companies and groups including Twitter, Mozilla, Reddit, the ACLU, Human Rights Watch, and the Consumer Electronics Association.
"As the White House rightly recognizes, it's vital that internet users themselves, and groups that represent the public interest—such as security experts and organizations that fight for human rights—take part in the discussion," wrote Amie Stepanovich, Access Now's US policy director, in a statement emailed to Motherboard. "This is a unique opportunity for all of us to work together to develop an important policy that will have global impact."
Still, there's no guarantee those talks will diminish the intense pressure from law enforcement and intelligence agencies to address encrypted communications, which has grown exponentially since the attacks in Paris and San Bernardino.
"Our hope," wrote Bankston in an email, "is that at the end of this process, we will get what the petition asked for: a clear statement that the White House supports the right to use strong encryption and opposes the idea of the US—or any other government—mandating that companies make the security of their products weaker in order to facilitate surveillance."