In a letter sent to the White House Tuesday, a large group of technology companies, trade associations, civil groups and security experts urged President Barack Obama to reject any proposals that would undermine strong encryption technologies for electronic communications. The signatories are asking the president not to allow encryption backdoors that would enable government access to personal information stored on mobile devices.
Among the letter's 143 signatories were Google, Apple, Cisco Systems, Dropbox, Facebook, HP, LinkedIn, Microsoft, Twitter, the Wikimedia Foundation and Yahoo.
The letter was written in response to recent comments from some officials in the Obama administration calling for weaker encryption so the government can access data on cellphones, laptops and other devices when it deems it necessary. Among the officials who have been the most vocal opponents of strong encryption is James Comey, Director of the Federal Bureau of Investigation.
Strong encryption technologies is the "cornerstone of the modern information economy's security . . . This protection would be undermined by the mandatory insertion of any new vulnerabilities into encrypted devices and services," according to the letter.
'Protect Security, Respect Privacy'
In the letter, the signatories urge Obama to follow the 2013 recommendations of the Review Group on Intelligence and Communications Technologies. The five-member group was appointed by the president to make recommendations on how the U.S. "can employ its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties."
Three of the five members of the Review Group signed today's letter to the president. They included Richard Clarke, who now serves as chairman of Good Harbor Security Risk Management; Geoffrey Stone, a law professor at the University of Chicago; and Peter Swire, a professor of law and ethics at the Georgia Institute of Technology.
Released in December 2013, the Review Group's final report made nearly four dozen recommendations to the president. For example, it advised that the U.S. government should not collect mass amounts of personal information from individuals and store it for later data mining, and that it should not do anything to undermine encryption standards.
'Crazy and Stupid'
We contacted cybersecurity expert Bruce Schneier, who is a fellow at Harvard's Berkman Center for Internet and Society and one of the signatories on today's letter, to learn more about what prompted the message to the president.
Schneier said that repeated anti-encryption comments from top officials such as Comey in the U.S. and Prime Minister David Cameron in the U.K. indicated that "the cryptowars are back. This is Cryptowar 2."
In the first cryptowar, the U.S. imposed export restrictions on encryption technologies that made it easier for authorities to break into Web-based and computer-based software. With officials like Cameron now saying strong encryption should be prohibited, governments are engaging in a second cryptowar, Schneier said. "It's crazy and stupid," he said.
The issue, he said, boils down to this: "Do you want encryption or do you want surveillance?" With the FBI removing past advice on its Web site for how citizens should protect their electronic communications using encryption, some agencies have clearly lined up on the side of surveillance, he said. The problem with that is that requiring technologies to be less encrypted and less secure doesn't benefit only the FBI or the NSA, according to Schneier.
"What happens when the Chinese ask? I can't build a system where the good guys can eavesdrop and the bad guys can't," he said.