Department of Homeland Security (DHS) secretary Jeh Johnson wants the government to work more closely with tech companies on security issues, but it also wants them to dial back their security encryption efforts. Johnson made his comments Tuesday in front of a packed house at the RSA conference in San Francisco, one of the world’s largest annual cybersecurity gatherings.
Johnson defended the Obama administration's ongoing stance, maintaining that tougher encryption by tech firms imposed in the wake of the National Security Agency's spying scandal will make it tougher to stop crime.
"The current course we are on, toward deeper and deeper encryption in response to the demands of the marketplace, is one that presents real challenges for those in law enforcement and national security," he said. "Encryption is making it harder for your government to find criminal activity, and potential terrorist activity."
President Barack Obama has spoken out in support of strong encryption, but has also advocated for a legal framework that gives government access to data. Officials at the FBI, DHS and the National Security Agency have been more direct about limiting encryption. They fear encryption has created situations that prevent government agencies from accessing digital data even when armed with warrants.
"Let me be clear," Johnson said. "I understand the importance of what encryption brings to privacy. But, imagine the problems if, well after the advent of the telephone, the warrant authority of the government to investigate crime had extended only to the U.S. mail."
We reached out to John Kindervag, vice president and principal analyst at Forrester Research Inc., who told us Johnson’s proposal was a "nightmare scenario."
"In the digital age everyone is going to have to live with the reality that most data should be encrypted," said Kindervag. "It is too dangerous to try to figure out ways to put back doors into systems that only governments can access. Shouldn't we have learned something from the Snowden debacle?"
Justice Department officials warned Apple last fall that children will die if police aren't able to get into suspects' iPhones because of the company's encryption. As Johnson told the RSA crowd, "Our inability to access encrypted information poses public safety challenges."
The White House is preparing a report that will outline various options to ensure law enforcement can bypass encryption during criminal or national security investigations. That report is expected later this month.
"We in government know that a solution to this dilemma must take full account of the privacy rights and expectations of the American public, the state of the technology, and the cybersecurity of American businesses," Johnson said.
An Old Story
Kindervag said similar tension has existed since the early days of the widely used e-mail encryption software Pretty Good Privacy, when co-founder Philip Zimmerman had to fight the government regarding encryption. That's because the government held that U.S. export restrictions for cryptographic software were violated when PGP spread worldwide. The government dropped its investigation into Zimmerman's practices in 1996.
"The assumption of some governmental entities that they can gain omniscience through surveillance just doesn't work anymore," said Kindervag. "There is massive amounts of data that belong to private citizens that should not be read by other entities without the citizens' direct permission."
Posted: 2015-04-23 @ 9:31am PT
It's the same story as when the NSA attempted to get Clipper/Skipjack implemented, and just as misguided.
Posted: 2015-04-22 @ 3:23pm PT
Incompetent leadership at the DHS is the real threat to national security. Preventing law abiding tech companies from using encryption won't prevent the criminals from doing it on their own. The DHS has to adapt to the new reality and live with encryption.