Attorney General Nominee Sessions Backs Crypto Backdoors
As the presidential campaign was in full swing early last year, now-President Trump made his feelings on encryption clear. Commenting on the Apple-FBI fight in San Bernardino, Trump threatened to boycott Apple if they didn’t cooperate: “to think that Apple won't allow us to get into [the] cell phone,” Trump said in an interview. “Who do they think they are? No, we have to open it up.”
For that reason, we were curious what Trump’s nominee for Attorney General, Sen. Jeff Sessions (R-AL) would say about the role of encryption.
At his confirmation hearing, Sessions was largely non-committal. But in his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:
Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's’ digital security?
Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.
Despite Sessions’ “on the one hand, on the other” phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It’s simply not feasible for encryption to serve what Sessions concedes are its “many valuable and important purposes” and still be “overcome” when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein’s draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.
As we’ve done for more than two decades, we will strongly oppose any legislative or regulatory proposal to force companies or other providers to give Sessions what he’s demanding: the ability to “overcome encryption.” Code is speech, and no law that mandates backdoors can be both effective and pass constitutional scrutiny. If Sessions follows through on his endorsement of “overcoming” encryption, we’ll see him in court.