Obama – DoGoodSoft's Official Blog

Take a stand against the Obama/FBI anti-encryption charm offensive

It has been frustrating to watch as the horrific San Bernardino terrorist killing spree has been used as a cover by the FBI to achieve the anti-encryption goals they’ve been working towards for years. Much of that frustration stems from the fact that the American media has so poorly reported the facts in this case.

The real issue in play is that the FBI wants backdoor access to any and all forms of encryption and is willing to demonize Apple in order to establish an initial precedent it can then use against all other software and hardware makers, all of whom are smaller and are far less likely to even attempt to stand up against government overreach.

However, the media has constantly echoed the FBI’s blatantly false claims that it “does not really want a backdoor,” that only cares about “just this one” phone, that all that’s really involved is “Apple’s failure to cooperate in unlocking” this single device, and that there “isn’t really any precedent that would be set.” Every thread of that tapestry is completely untrue, and even the government has now admitted this repeatedly.

Representative democracy doesn’t work if the population only gets worthless information from the fourth estate.

However, in case after case journalists have penned entertainment posing as news, including a bizarre fantasy written up by Mark Sullivan for Fast Company detailing “How Apple Could Be Punished For Defying FBI.”

A purportedly respectable polling company asked the population whether Apple should cooperate with the police in a terrorism case. But that wasn’t the issue at hand. The real issue is whether the U.S. Federal Government should act to make real encryption illegal by mandating that companies break their own security so the FBI doesn’t have to on its own.

The Government’s Anti-Encryption Charm Offensive

Last Friday, U.S. Attorney General Loretta Lynch made an appearance on The Late Show with Stephen Colbert to again insist that this is a limited case of a single device that has nothing to do with a backdoor, and that it was really an issue of the County-owned phone asking Apple for assistance in a normal customer service call.

Over the weekend, President Obama appeared at SXSW to gain support for the FBI’s case, stating outright that citizens’ expectation that encryption should actually work is “incorrect” and “absolutist.”

He actually stated that, “If your argument is ‘strong encryption no matter what, and we can and should in fact create black boxes,’ that I think does not strike the kind of balance we have lived with for 200, 300 years. And it’s fetishizing our phone above every other value, and that can’t be the right answer.”

That’s simply technically incorrect. There’s no “balance” possible in the debate on encryption. Either we have access to real encryption or we don’t. It very much is an issue of absolutes. Real encryption means that the data is absolutely scrambled, the same way that a paper shredder absolutely obliterates documents. If you have a route to defeat encryption on a device or between two devices, it’s a backdoor, whether the government wants to play a deceptive word game or not.

If the government obtains a warrant, that means its has the legal authority to seize evidence. It does not mean that the agencies involved have unbridled rights to conscript unrelated parties into working on their behalf to decipher, translate or recreate any bits of data that are discovered.

If companies like Apple are forced to build security backdoors by the government to get around encryption, then those backdoors will also be available to criminals, to terrorists, to repressive regimes and to our own government agencies that have an atrocious record of protecting the security of data they collect, and in deciding what information they should be collecting in the first place.

For every example of a terrorist with collaborator contacts on his phone, or a criminal with photos of their crimes on their phone, or a child pornographer with smut on their computer, there are thousands of individuals who can be hurt by terrorists plotting an attack using backdoors to cover their tracks, or criminals stalking their victims’ actions and locations via backdoor exploits of their devices’ security, or criminal gangs distributing illicit content that steps around security barriers the same way that the police hope to step around encryption on devices.

Security is an absolutist position. You either have it or you don’t.

Obama was right in one respect. He noted that in a world with “strong, perfect encryption,” it could be that “what you’ll find is that after something really bad happens the politics of this will swing and it will become sloppy and rushed. And it will go through Congress in ways that have not been thought through. And then you really will have a danger to our civil liberties because the disengaged or taken a position that is not sustainable.”

However, the real answer to avoiding “sloppy, rushed” panic-driven legislation is to instead establish clear rights for citizens and their companies to create and use secure tools, even if there is some fear that secure devices may be used in a way that prevents police from gaining access to some the evidence they might like to access in certain cases.

The United States makes no effort to abridge the use of weapons like those used in San Bernardino to actually commit the atrocity. It should similarly not insist that American encryption should only work with a backdoor open on the side, giving police full access to any data they might want.

It’s not just a bad idea, it’s one that will accomplish nothing because anyone nefarious who wants to hide their data from the police can simply use non-American encryption products that the FBI, the president and the U.S. Congress have no ability to weaken, regardless of how much easier it would make things for police.

Obama: ‘Absolutist view’ on encryption not answer

President Barack Obama said Friday that the encryption versus national security debate, currently being played out in Apple’s legal fight against the federal government, won’t be settled by taking an “absolutist view.”

Addressing an audience of tech enthusiasts meeting in the Texas capital, Obama said both values are important.

He restated his commitment to strong encryption, but also asked how will government catch child pornographers or disrupt terrorist plots if smartphones and other electronic devices are made ways that keep law enforcement from accessing the data stored on them.

“My conclusion, so far, is you cannot take an absolutist view on this,” Obama said at the South by Southwest Interactive festival.

During a question-and-answer session with Evan Smith, CEO and editor in chief of The Texas Tribune, Smith asked Obama “where do you come down” on the question of balancing law enforcement’s needs with an individual’s right to privacy.

Obama said government shouldn’t be able to “just willy nilly” get into smartphones that are full of very personal data. But at the same time, while asserting he’s “way on the civil liberties side,” Obama said “there has to be some concession” to be able to get to the information in certain cases.

The president was not asked to comment on the litigation between Apple and the FBI. He also said he couldn’t discuss specifics.

Apple and the federal government are embroiled in a legal fight over Apple’s refusal to help the FBI access an iPhone used in last year’s terrorist attack San Bernardino, California, in which 14 people were killed. The FBI wants Apple to create a program specifically for that particular phone to help the bureau review the data on it. Apple has refused, and says to do what the government is asking would set a terrible precedent.

Rep. Darrell Issa, R-Calif., who has sharply questioned FBI Director James Comey during congressional hearings on the matter, released a statement in which he said Obama’s comments showed his “fundamental lack of understanding of the tech community, the complexities of encryption and the importance of privacy to our safety in an increasingly digital world.”

“There’s just no way to create a special key for government that couldn’t also be taken advantage of by the Russians, the Chinese or others who want access to the sensitive information we all carry in our pockets every day,” Issa said.

Obama used his appearance at the decades-old festival to encourage the audience of tech enthusiasts to use their skills and imagination to “tackle big problems in new ways.” He said the administration already is using technology to make people’s lives better, and cited as an example the streamlining of federal applications. But he urged industry leaders and entrepreneurs to use technology to help increase voter participation.

“The reason I’m here, really, is to recruit all of you. It’s to say to you, as I’m about to leave office, how can we start coming up with new platforms and new ideas, new approaches across disciplines and across skill sets, to solve some of the big problems that we’re facing today.”

South by Southwest Interactive is part of South by Southwest, a movie, music and interactive media festival that had been held in Austin for the past 30 years. Obama’s appearance was the first by a sitting U.S. president.

After the festival, which also is known as SXSW, Obama helped raise money for Democrats at a pair of fundraisers in Austin.

Tech Companies and Civil Liberties Groups Force Obama To Weigh In On Encryption Debate

President Obama will now be forced to publicly describe the extent of his commitment to protecting strong encryption, after nearly 50 major technology companies, human rights groups, and civil liberties collectives—including Twitter, the ACLU, and Reddit — succeeded in getting over 100,000 signatures on a White House petition on Tuesday.

The government’s “We the People” platform, created in 2011, was designed as “a clear and easy way for the American people to petition their government.” Once a petition gains 100,000 signatures, it is guaranteed a response.

The savecrypto.org petition demands that Obama “publicly affirm your support for strong encryption” and “reject any law, policy, or mandate that would undermine our security.”

FBI director James Comey has been preaching about the dangers of end-to-end encryption for the past year, saying it blocks law enforcement from monitoring communications involving criminals and terrorists. He’s asked for special access into encrypted communications — a “back door” or “front door.”

However, technologists and privacy advocates insist that any hole in encryption for law enforcement can be exploited by hackers.

Comey testified earlier this month before the Senate Homeland Security and Governmental Affairs Committee that the White House was not seeking legislation to force companies to build backdoors into their products—at least not yet.

However, top intelligence community lawyer Robert S. Litt wrote in a leaked e-mail obtained by the Washington Post that public opinion could change “in the event of a terrorist attack or criminal event” where encryption stopped law enforcement from detecting the threat. He recommended “keeping our options open for such a situation.”

Now, the White House will have to speak for itself.

“More than 100,000 users have now spoken up to ask the Administration to make a strong statement in support of data security – no back doors, no golden keys, no exceptional access,” said Amie Stepanovich, the U.S. Policy Manager for digital rights group Access Now, one of the founding organizations of the petition along with the Electronic Frontier Foundation. “We thank those who have stood with us and look forward to President Obama’s response.”

Obama administration has decided not to seek a legislative remedy now

FBI Director James Comey told a congressional panel that the Obama administration won’t ask Congress for legislation requiring the tech sector to install backdoors into their products so the authorities can access encrypted data.

Comey said the administration for now will continue lobbying private industry to create backdoors to allow the authorities to open up locked devices to investigate criminal cases and terrorism.

“The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” Comey told a Senate panel of the Homeland Security and Governmental Affairs Committee on Thursday.

Comey’s comments come as many in the privacy community were awaiting a decision by the administration over whether it would seek such legislation. Many government officials, including Comey himself, have called for backdoors. All the while, there’s been intense lobbying by the White House to guilt the tech sector for a backdoor. And Congress has remained virtually silent on the issue that resembles the so-called Crypto Wars.

The president’s public position on the topic, meanwhile, has been mixed. Obama had said he is a supporter and “believer in strong encryption” but also “sympathetic” to law enforcement’s need to prevent terror attacks.

The government’s lobbying efforts, at least publicly, appear to be failing to convince tech companies to build backdoors into their products. Some of the biggest names in tech, like Apple, Google, and Microsoft, have publicly opposed allowing the government a key to access their consumers’ encrypted products. All the while, some government officials, including Comey, have railed against Apple and Google for selling encrypted products where only the end-user has the decryption passcode.

According to a letter to Obama from the tech sector:

The government cannot force the tech sector to build encryption end-arounds. The closest law on the books is the Communications Assistance for Law Enforcement Act of 1994, known as CALEA. The measure generally demands that telecommunication companies make their phone networks available to wiretaps.

Building backdoors into encryption isn’t only bad for China, Mr President

Want to know why forcing tech companies to build backdoors into encryption is a terrible idea? Look no further than President Obama’s stark criticism of China’s plan to do exactly that on Tuesday. If only he would tell the FBI and NSA the same thing.

In a stunningly short-sighted move, the FBI – and more recently the NSA – have been pushing for a new US law that would force tech companies like Apple and Google to hand over the encryption keys or build backdoors into their products and tools so the government would always have access to our communications. It was only a matter of time before other governments jumped on the bandwagon, and China wasted no time in demanding the same from tech companies a few weeks ago.

As President Obama himself described to Reuters, China has proposed an expansive new “anti-terrorism” bill that “would essentially force all foreign companies, including US companies, to turn over to the Chinese government mechanisms where they can snoop and keep track of all the users of those services.”

Obama continued: “Those kinds of restrictive practices I think would ironically hurt the Chinese economy over the long term because I don’t think there is any US or European firm, any international firm, that could credibly get away with that wholesale turning over of data, personal data, over to a government.”

Bravo! Of course these are the exact arguments for why it would be a disaster for US government to force tech companies to do the same. (Somehow Obama left that part out.)

As Yahoo’s top security executive Alex Stamos told NSA director Mike Rogers in a public confrontation last week, building backdoors into encryption is like “drilling a hole into a windshield.” Even if it’s technically possible to produce the flaw – and we, for some reason, trust the US government never to abuse it – other countries will inevitably demand access for themselves. Companies will no longer be in a position to say no, and even if they did, intelligence services would find the backdoor unilaterally – or just steal the keys outright.

For an example on how this works, look no further than last week’s Snowden revelation that the UK’s intelligence service and the NSA stole the encryption keys for millions of Sim cards used by many of the world’s most popular cell phone providers. It’s happened many times before too. Ss security expert Bruce Schneier has documented with numerous examples, “Back-door access built for the good guys is routinely used by the bad guys.”

Stamos repeatedly (and commendably) pushed the NSA director for an answer on what happens when China or Russia also demand backdoors from tech companies, but Rogers didn’t have an answer prepared at all. He just kept repeating “I think we can work through this”. As Stamos insinuated, maybe Rogers should ask his own staff why we actually can’t work through this, because virtually every technologist agrees backdoors just cannot be secure in practice.

(If you want to further understand the details behind the encryption vs. backdoor debate and how what the NSA director is asking for is quite literally impossible, read this excellent piece by surveillance expert Julian Sanchez.)

It’s downright bizarre that the US government has been warning of the grave cybersecurity risks the country faces while, at the very same time, arguing that we should pass a law that would weaken cybersecurity and put every single citizen at more risk of having their private information stolen by criminals, foreign governments, and our own.

Forcing backdoors will also be disastrous for the US economy as it would be for China’s. US tech companies – which already have suffered billions of dollars of losses overseas because of consumer distrust over their relationships with the NSA – would lose all credibility with users around the world if the FBI and NSA succeed with their plan.

The White House is supposedly coming out with an official policy on encryption sometime this month, according to the New York Times – but the President can save himself a lot of time and just apply his comments about China to the US government. If he knows backdoors in encryption are bad for cybersecurity, privacy, and the economy, why is there even a debate?