BY TOM SIMONITE
MIT TECHNOLOGY REVIEW
The White House and U.S. Department of Homeland Security officials support arguments by the nation’s law enforcement and intelligence leaders that encryption technology should be restricted or modified to make it easier for the government to access private data.
Speaking at the world’s largest computer security event, the RSA conference, Jeh Johnson—the U.S. secretary for Homeland Security—said that strong encryption was hampering law enforcement and that workarounds were needed. At the same event, President Obama’s cybersecurity coӧrdinator said that the White House was looking into what methods could be required in encryption technology to give law enforcement and other agencies a way in.
The remarks come after FBI director James Comey called last year for unlocking mechanisms for systems like those that automatically encrypt data on Apple smartphones. Just last week, National Security Agency head Michael Rogers sketched out a system where companies would have to hand over encryption keys to his agency and others in government.
In a keynote speech at the RSA conference, Johnson cautioned the computer industry against widening the use of strong encryption. He likened the situation to a world in which the telephone had been introduced without an accompanying mechanism for law enforcement and intelligence agencies to tap phone calls. “Our inability to access encrypted information poses public safety challenges,” he said. “Encryption is making it harder for your government to find criminal activity.”
Johnson did not recommend specific technical solutions, but made it clear that he felt the government should have a way to circumvent or unwind encryption. He appealed to the computer network and security professionals in the audience to consider how it might be done. “We need your help to find a solution,” he said.
Johnson’s keynote came directly after an onstage discussion between several well-known cryptographers, including Ron Rivest, Adi Shamir, and Whitfield Diffie, who between them invented many of the methods and algorithms that have become the most commonly used way to protect online data. All warned that the idea of building government access methods into encryption systems is flawed.
“There’s lots of problems with this idea,” said Rivest, an MIT professor of electrical engineering and computer science who helped create the RSA encryption algorithm used to secure encrypted Web pages and Internet traffic. He and many other cryptography experts have previously warned that a “backdoor” in an encryption system created for the U.S. government could be discovered and used by others.
Rivest also argued that if the U.S required such a system, other countries would impose similar mandates. “Once the U.S. government has a door into your private data, it’s not just going to be the U.S. government that wants that, it’s going to be the U.K., Germany, China, and so on,” he said. “This is going to be a house with many, many doors with keys held by many, many parties.”
President Obama’s cybersecurity coӧrdinator Michael Daniel acknowledged those concerns at a meeting with reporters Tuesday afternoon. But he said that the White House was nonetheless investigating policies and technical measures that would give the government access to encrypted data, at the request of President Obama.
“If you have some way to have access in there, you have a vulnerability in the system,” conceded Daniel. “The question is can you do that in a way where the benefit outweighs the cost.” The White House is not yet committed to a policy either way, but encryption poses a definite challenge to national security and law enforcement agencies, he said.
When the White House might decide on a policy is unclear. “It’s going to take some time to work through this,” said Daniel.