Senior White House officials told privacy advocates on Thursday that the administration’s position on encryption remains unchanged: It’s not looking to force companies to ensure that the government can access encrypted content, at least not at this point.
“They maintained that they are not seeking legislation right now,” said Amie Stepanovich, the domestic policy manager at Access Now, who attended the meeting.
Encryption protects much of what happens online by scrambling data so that only authorized people can unlock it. But it’s also at the heart of a renewed debate over government access to the information the technology protects.
At the meeting were representatives from several civil society groups and government officials, including US deputy chief technology officers Ed Felten and Alex MacGillivray as well as cyber-security coordinator Michael Daniel, according to several attendees. The White House declined to comment on attendance or the content of the meeting.
Law enforcement officials, most notably FBI director James Comey, have warned that the roll-out of stronger forms of encryption that companies themselves cannot unlock for the government is letting criminals and terrorists “go dark.” Companies like Apple, he has argued, should ensure that the government is able to access encrypted data when served with court orders.
But many technologists say that creating ways around encryption undermines device and data security because the software in such “backdoors” may well have bugs that can be exploited by hackers.
In October, the administration decided not to seek legislation mandating access to encrypted data. However, a petition organized by the Electronic Frontier Foundation and Access Now called on President Obama to come out publicly against backdoors. By late October, it had garnered over 100,000 signatures – the threshold for requiring a response from the White House within 60 days.
In the wake of terrorist attacks in Paris last month and in California last week, some lawmakers have called for legislation to ensure law enforcement access to encrypted data. It remains unclear, however, if the terrorists in either attack used encrypted communications to coordinate the plots.
One administration official, who asked that his name not be used, said he was not sure what legislation could actually ask companies to do. He also said that when the administration came to its conclusion in October, “it’s not as though we weren’t aware of the terrorist threat.” So, he said, “I don’t think that fundamentally any of the factors that led to our original decision have actually changed all that much” in light of the latest attacks.
Earlier this week, the administration asked for more feedback on the issue and announced it would sit down with organizers behind the petition. The meeting occurred Thursday, although a blog post from EFF said the group was not clear that the invitation to the gathering was directly tied to the petition and its representatives were unable to make it.
Those who did attend said the meeting was positive. The government representatives mostly listened, but “made it clear they’d like to move beyond this debate,” said Kevin Bankston, the director of New America’s Open Technology Institute.
However, the administration did not make any commitments beyond delivering a more substantial response down the line. “They indicated that they anticipated a response to the petition by the end of the year,” Stepanovich said.
The government officials also cited a need for “greater technical education so policymakers could better understand the issue,” Bankston said.
Even if the government were to mandate that US companies provide it with access to encrypted content, stronger forms of encryption would still be available to terrorists and criminals. A recent report from Bankston’s organization described 16 popular apps for fully encrypted email, chat, messaging or voice calls that are outside the reach of US regulation because they are based outside of the country or are open source.
Open source projects generally rely on volunteer developers around the world, so there’s no one person or company the government could serve an order on for access to communications. Also, the code for such apps is publicly available, so even if an application were discontinued or altered, criminals or terrorists could set up their own version of the tools.