Apple to Obama: Don't let the FBI weaken phone encryption

Some of the world’s largest tech companies are planning to send a letter to President Obama today, asking him to reject any proposal to weaken the security of their products so that law enforcement can better view encrypted data.

“Whether you call them ‘front doors’ or ‘back doors’, introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers,” reads the letter, signed by 48 tech companies, including Apple, Facebook, Cisco Systems and Dropbox. Thirty-seven civil liberties groups, and a who’s who of security experts also signed the letter, which was obtained by the Washington Post.

“Every computer security expert that has spoken publicly on this issue agrees on [the problem of side doors for law enforcement], including the government’s own experts,” it says. Strong encryption, the letter claims, is the “cornerstone of the modern information economy’s security.”

The philosophical battle over what the government can and can’t ask of technology companies crossed into real life late last year, when Apple announced that the encryption strength of its iOS 8 mobile-operating system was so strong that it would be “technically unfeasible” to comply with government warrants for data. Only the user has the key to access the information.

“What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law,” responded FBI director James Comey. Shortly after, then-Attorney General Eric Holder echoed those concerns.

Apple has signaled that it will not back down. “If we don’t do everything we can to protect privacy, we risk more than money,” said Apple CEO Tim Cook at a government “cybersummit” earlier this year. “We risk our way of life.”

The confrontation between the opposing viewpoints came to a head late last month, when law enforcement officials tried to convince Congress that it should act to make sure investigators can access all kinds of encrypted data.

“What we’re asking for is not to lower [encryption] standards,” Amy Hess, executive assistant director of the FBI’s Science and Technology Branch, told the House Subcommittee on Information Technology. “Rather to come up with a way that we may be able to implement perhaps multiple keys or some other way to securely access that information, or rather be provided with that information.”

Technically, it is possible to give the FBI what it’s asking for, CATO scholar Julian Sanchez wrote earlier this year, but only theoretically. “The trouble, as any good information security pro will also tell you, is that real world systems are rarely as tidy as the theories, and the history of cryptography is littered with robust-looking cryptographic algorithms that proved vulnerable under extended scrutiny or were ultimately impossible to implement securely under real-world conditions,” wrote Sanchez.

The law enforcement push for a “golden key” quickly met bipartisan opposition. “The strongest encryption possible means not having a key,” commented Rep. Jason Chaffetz (R-Utah). On the other side of the aisle, Ted Lieu (D-Calif.), who has a bachelor’s in Computer Science from Stanford University, said that creating a “pathway for decryption” only for law enforcement is “technologically stupid.”

In fact, despite law enforcement efforts to bypass encryption, Congress is steadily moving in the exact opposite direction. Several bills have been introduced in both chambers, which would prohibit surveillance agencies from forcing tech companies to give them a backdoor.

Still, the recent push from federal lawmakers urged today’s letter from tech giants.

“We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products,” the letter asks of Obama, just in case.

“We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad.”

In a February interview with Re/Code, Obama suggested that he sees the issue as properly nuanced, but he declined to take a definitive side: “I lean probably further in the direction of strong encryption than some do inside of law enforcement. But I am sympathetic to law enforcement because I know the kind of pressure they’re under to keep us safe. And it’s not as black-and-white as it’s sometimes portrayed.”

During a talk at the RSA Conference on cybersecurity in Silicon Valley last month, Department of Homeland Security Secretary Jeh Johnson spoke about the tension between government and tech companies, as he announced the DHS would soon be opening offices in the Valley.

“Homeland security itself is a balance – a balance between the basic, physical security of the American people and the liberties and freedoms we cherish as Americans,” he said.

Johnson asked the attendees from the tech industry for help in finding some kind of a medium between the two camps. Law enforcement alone can’t strong-arm the solution, he argued.

“I can build you a perfectly safe city on a hill,” he said. “But it will constitute a prison.”

Daniel Rivero is a producer/reporter for Fusion who focuses on police and justice issues. He also skateboards, does a bunch of arts related things on his off time, and likes Cuban coffee.