Ever since FBI Director James Comey decried the use of unbreakable encryption as a national security threat by enabling terrorists and other suspected malefactors to “go dark”, the Internet has been ablaze with criticism over the prospect of government backdoors to secure communications and data.
Given recent events, whether we are talking about the attacks in Paris and San Bernardino or a recent high-level meeting between White House, Department of Justice (DoJ) and technology executives in Silicon Valley, it is clear that the intertwined issues of both security and privacy are not going away anytime soon.
The rhetoric and tension between Washington and Silicon Valley escalated in December when Comey testified that tech companies must rethink their “business models” as they relate to customer data and privacy and Tim Cook, CEO Apple reiterated his stance that pitting privacy against national security is a false dilemma.
At its core, the division stems from seemingly irreconcilable differences. On the one hand we have a centralized command-and-control, authoritarian worldview that defines the national security state. On the other hand there is the the risk-taking, libertarian, ecumenical ethos of the Internet and the technology companies that both enable and profit from it.
That the most visible and unyielding spokesman for Valley values is Tim Cook, the reserved CEO of the world’s most profitable company and not a strident, shaggy computer scientist spouting a GNU Manifesto shows both the breadth and significance of dispute and how deeply the forces of globalism and transnationalism have permeated the high tech community.
Even if the national agencies get everything on their wish list, it would change little for smartphone users in other countries or those savvy enough to sideload an ‘unauthorized’ app from outside the curated walls of the Apple App Store and Google Play Store.
Comey himself admitted as much, testifying that
I think there’s no way we solve this entire problem. … The sophisticated user could still find a way.
Instead, the federal security apparatus is banking on user inertia by getting Apple, Google, Microsoft and others to change defaults and settings to be snoop-friendly: in effect, to change the ”business model” or, more accurately, corporate values that include guarding customers’ privacy.
Comey first made the case in a statement to the Senate Judiciary Committee last July and although he never uses the inflammatory phrase “back door,” that’s the logical result of his line of argument. He directly targets the notion that users have complete and sole control over their encryption keys (emphasis added):
In recent months, however, we have on a new scale seen mainstream products and services designed in a way that gives users sole control over access to their data. As a result, law enforcement is sometimes unable to recover the content of electronic communications from the technology provider even in response to a court order or duly-authorized warrant issued by a federal judge. For example, many communications services now encrypt certain communications by default, with the key necessary to decrypt the communications solely in the hands of the end user. This applies both when the data is “in motion” over electronic networks, or “at rest” on an electronic device. If the communications provider is served with a warrant seeking those communications, the provider cannot provide the data because it has designed the technology such that it cannot be accessed by any third party.
Not just encryption, but expression
Although the encryption debate has dominated online discussion, the government’s other appeal to the Brahmins of tech concerns freedom of expression, namely the use of social networks as megaphones for “extremism”.
Government goals are manifest in the White House task force on Combatting Violent Extremism (CVE), an effort to
…prevent violent extremists and their supporters from radicalizing, recruiting, or inspiring individuals or groups in the United States and abroad to commit acts of violence.
Last week, those efforts spread to Silicon Valley as the group convened a summit with tech execs, including Cook, to discuss cooperative ways
…to make it even harder for terrorists or criminals to find refuge in cyberspace.
Although the meeting was held in closed session, the public agenda focused on uncontroversial topics like making it easier for countervailing voices, particularly in ISIS-controlled areas, to develop and distribute content and stickier issues, like making it easier for law enforcement to identify and stop terrorists using online media.
However, a leaked preparatory briefing paper distributed to participants made clear that hotter topics like encryption and data-driven profiling were also on the docket.
The encryption talking points echoed those Comey has been making for months, however the detection and prevention topics were new. Some of the ideas in the briefing notes will certainly disturb civil libertarians, but are sure to give many tech companies pause. For example,
Are there technologies that could make it harder for terrorists to use the internet to mobilize, facilitate, and operationalize? Or easier for us to find them when they do? What are the potential downsides or unintended consequences we should be aware of when considering these kinds of technology-based approaches to counter terrorism?”
“Some have suggested that a measurement of level of radicalization could provide insights to measure levels of radicalization to violence. While it is unclear whether radicalization is measurable or could be measured, such a measurement would be extremely useful to help shape and target counter-messaging and efforts focused on countering violent extremism.”
“There is a shortage of compelling credible alternative content; and this content is often not as effectively produced or distributed as pro-ISIL content and lacks the sensational quality that can capture the media’s attention. … We invite the private sector to consider ways to increase the availability alternative content. Beyond the tech sector, we have heard from other private sector actors, including advertising executives, who are interested in helping develop and amplify compelling counter-ISIL content.
Cook’s response was swift and firm. According to The Intercept, citing informants briefed on details of the task force meeting,
Cook lashed out at the high-level delegation of Obama administration officials who came calling on tech leaders in San Jose last week.
Cook reportedly reiterated his call for the White House to cease efforts to get tech companies like Apple to install encryption back doors.
The idea of encryption back doors is like a con job that never gets old. It just comes around every couple of decades to snare a new generation of suckers.
Today’s controversy is a rerun of the debates in the 90’s over the NSA’s proposed Clipper chip, a government-sponsored crypto accelerator with an NSA master key. It was roundly rejected then when people rightly pointed out that any sanctioned back door is also a juicy vulnerability that will inevitably be reverse-engineered and exploited by hackers, cyber criminals and nation states.
The idea is even less viable and enforceable today when every smartphone has plenty of horsepower to perform local encryption and algorithms are both more sophisticated and freely available.
The notion of countering extremism by encouraging opposing voices from within the ranks of the disaffected and radicalizable is both banal and uncontroversial, however data mining online content trolling for proto-extremists sounds a lot like the NSA’s reviled and borderline unconstitutional PRISM metadata collection program.
Although the profiling technology used by Google and Facebook to target and sell advertising might be useful in identifying inciteful, extremist content, it’s one thing when a company uses it for commercial activity and quite another when the government uses it for criminal profiling.
Further, I doubt the willingness of companies to share proprietary technology of significant commercial value with the government and to assist in deploying it on cloud servers (like those at the NSA’s Bluffdale, Utah Data Center) that are presumably vacuuming communication traffic from vast swaths of the Internet.
Image credit: concept of computer security © lucadp – Fotolia.com