Yesterday, during a panel on encryption policy hosted by Just Security, an online forum covering national security law and policy, top U.S. intelligence lawyer Robert S. Litt pressed the case for engineering backdoors in encryption without undermining computer security as a whole. As CPJ has documented, leading security and policy experts consider this impossible.
These skeptical experts received a boost last week when The Washington Post disclosed a draft memorandum, allegedly penned by U.S. National Security Council staff members this summer, indicating quiet but widespread agreement among senior Obama Administration officials that the president should either publicly reject, or at least defer, weakening encryption through compelled technical backdoors. The White House declined to comment to CPJ on the veracity or substance of the internal document obtained by the Post, which quoted several anonymous government officials as confirming that the memo accurately reflects debates being had by the administration.
As CPJ has documented, encryption protects journalists and newsrooms in many ways--from keeping conversations with sources private to mitigating networked-based attacks against critical infrastructure. The use of encryption is so vital to free expression that many legal experts have concluded that it is likely protected byinternational and U.S. constitutional law, a view CPJ shares. In addition, technical experts agree that it is impossible to add backdoors to encryption to give access for legitimate purposes without also making systems vulnerable to malicious actors.
CPJ has pressed each of these arguments publicly and, in July, CPJ Staff Technologist Tom Lowenthal and I flew to Washington, D.C. so CPJ could take its case directly to senior White House and Senate Judiciary committee staff.
Discussing the issue with U.S. business leaders in Washington on September 16, Obama described how state and non-state actors are exploiting vulnerabilities "at an accelerating pace." "[T]he stronger the encryption, the better we can potentially protect our data," Obama said. The administration seeks to "reconcile the need for greater and greater encryption" with law enforcement and intelligence agency demands, Obama continued, adding: "I won't say we've cracked the code yet."
The leaked memorandum--reported to be the result of internal consultations between officials responsible for U.S. national security, commerce, diplomatic, trade, and technology policy--does not anticipate a near-term plan to push for compulsory access to encrypted information, an option that, according to the Post,was removed from an earlier draft. Calls for such backdoors have been led almost exclusively by the FBI and the U.S. Department of Justice. These calls have been broadly resisted by the tech, civil society, and other sectors, and even prompted an op-ed in The Washington Post by former top military and intelligence officials in July explaining why fears about ubiquitous data encryption are "overblown."
Read the full post at the Committee to Protect Journalists website.