In the public battle for strong encryption, EFF has championed the voice of everyday Internet users. After all, if we can’t rely on the security of our digital communications, how can the Web continue to grow and thrive?
Now the fight has moved to the Oval Office. EFF, Access Now, over a dozen nonprofits and tech companies, and over 100,0000 concerned Internet users joined forces to ask President Obama to stand up for uncompromised encryption.
We definitely got his attention.
In response, representatives of the White House publicly promised to meet with us and solicited even more feedback from the public. After some crossed wires about the meeting, EFF got in contact with White House representatives and we had a long phone conversation with them on Friday.
Here’s an overview of that conversation: what we said, what they said, and what we asked for. Note that these are just general ideas that were shared, not actual quotes from anybody at the meeting.
Our main concerns
We were very clear with the White House that EFF and Access Now are tired of having the same conversation. We’ve fought long and hard in the courts of law and public opinion to ensure that strong encryption is a mainstay of our networked world, and we’ve been successful. Whatever you call it—“strong” “robust,” or “uncompromised” encryption—it already exists, and it’s here to stay.
And yet, nearly 20 years after EFF’s seminal court case establishing computer code as a form of constitutionally protected speech, the government is still weighing whether and how to force technology companies to create special backdoors. Here is why we urged the White House to put this conversation to bed for good:
Undermining encryption is dangerous and technically infeasible. Leading security experts published a report this year stating emphatically that undermining encryption—whether through a “front door” or a “back door”—would have dire consequences. In fact, doing so would pose “grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”
We went one step further in our conversation with the White House. We called the debate laughable. It is laughable to suggest that you can create a method for legally sanctioned access and decryption of data that could be safe from abuse by hackers and other malicious actors. It is laughable to the technical community, to academics who have studied the issue, and to the ever-growing community of tech-savvy Internet users worldwide.
Undermining encryption would be ineffective. For years, a handful of law enforcement officials have been touting the idea that backdoors would help boost American security. The problem is, they’re wrong. Compromising the security of our communication tools would affect Internet users across the United States and worldwide, and create an online environment none of us could truly trust. But it wouldn’t do much to stop bad actors, who would simply move overseas or avoid products from American companies that may be subject to government pressure.
America is setting the stage for Internet policy worldwide. If we expect privacy and security for Americans’ communications from foreign governments like China and Russia, then we need to lead the way by showing that democratic countries do not force technology companies to build backdoors. After all, if a tech company will create special access for U.S. law enforcement, how will it be able to refuse other governments?
That’s not just theoretical. We have countless examples of foreign governments seeking access to user content, including the communications of American citizens. In fact, EFF is representing one such American seeking to defend the privacy of his communications against the Ethiopian government.
Strong crypto saves lives. It’s true that we need strong crypto to safeguard everything from indiscrete photos to online shopping transactions. But let’s not forget that for many people, strong crypto is a matter of life or death. Activists across the globe rely on uncompromised security to communicate and coordinate in authoritarian regimes, where doing so could risk life, liberty, and the safety of family members. That’s why the U.N. Special Rapporteur for Freedom of Expression has called on states to promote encryption, rather than undermine it.
The State Department has also long recognized that giving people access to strong security is consistent with American values and helps promote democracy inside repressive regimes. That’s why the State Department has promoted and sponsored secure communication tools for years.
Pressure is pressure, whether it’s official or not. FBI Director Comey knows he’ll face an uphill battle in attempting to pass any legislation that would mandate backdoors in our communications. So instead of accomplishing its agenda publicly, law enforcement seems to be using its own backdoors to get backdoors: we’ve heard stories of law enforcement officers putting private pressure on companies to undermine encryption, using overblown rhetoric and unsubstantiated claims around national security.
The fact is, the American people and our elected officials have rejected proposals to mandate backdoors. The FBI and other three letter agencies should heed the democratic process, and not try to pressure companies behind closed doors into undermining encryption on the government’s say-so.
People care about encryption. In talking to the White House, we also made clear that we have seen an outpouring of support and concern from Internet users on this issue. People care about encryption. They care about basic security for the Web and for the tools we use to communicate. Increasingly, Internet users recognize that a threat to encryption is a threat to the future of the Web. We can’t expect people to trust and rely on products that are known to be compromised, and we can’t expect the digital age to thrive when our technology is riddled with government-mandated security vulnerabilities.
The Snowden revelations began a new era for digital privacy. Millions of people are now aware of NSA surveillance of the Internet, and countless people worldwide are aware that American technology companies were implicated in those leaks. There’s a move toward stronger, more secure, end-to-end encryption of communications in transit and full disk encryption of devices. That’s why we’ve seen the growing popularity of secure tools like Signal, tech companies like Apple beefing up security, and newsrooms moving to adopt tools like Secure Drop.
People aren’t just worried about NSA surveillance. Data breaches are a serious concern. In 2015, there have been over 190 data breaches of sensitive consumer records (Social Security numbers and bank account details). The Privacy Rights Clearinghouse tallies 159,374,310 sensitive consumer records exposed this year. These include significant breaches of government systems, like the millions of records of the Office of Personnel Management, which analysts have noted could have been mitigated by basic security hygiene like encryption.
It’s no wonder that over 100,000 people signed the petition demanding Obama stand up for strong encryption. The idea that the Internet ought to be secure is mainstream.
The White House response
Representatives of the White House seemed to listen attentively, but shared little about their thoughts. They maintained that President Obama’s position has not changed in the last few months. While they seemed well aware of our concerns about the technical infeasibility of inserting backdoors, they didn’t necessarily share them. That worried us a great deal.
We have heard that the White House is interested in hearing from others, both members of the Save Crypto campaign as well as everyday Internet users. We’re asking people who care about this issue to speak out using the White House’s online form.
We wrapped up the meeting by making a few very specific requests of the White House. We believe the White House is likely to issue an official response to the petition before the end of the year, and we’ll be looking at these 7 criteria to judge that response:
- The response to the petition should come from the president himself, not from his press staff or others within the administration.
- The response to the petition should clarify that when the president says he supports “strong encryption,” this includes end-to-end encryption for data in transit, free from any back door, front door, or any other way for any third party—including the service provider itself—to read the content. For data at rest, it means secure encrypted storage that's only accessible to the user. Key escrow, split-key schemes, and other means of allowing third party access are not compatible with “strong encryption.”
- The response to the petition should state that the president will oppose any legislative efforts to restrict access to strong encryption.
- The response to the petition should also direct all parts of the executive branch to cease any activities inconsistent with this position.
- The response to the petition should clarify that while educating companies and working with them to respond to lawful process is to be expected, no part of the executive branch will demand, coerce, pressure, or condition any benefit on a provider designing or modifying a system or tool to permit third party access to content.
- The response to the petition should state that the president supports the continued efforts by the State Department to support those building cryptographic tools to protect communities facing repression around the world. This could be done as part of continued support for the Internet Freedom position first articulated by Secretary of State Clinton.
- We believe that the administration should reach out to other groups that supported the petition. While EFF and Access Now were the leaders, there are many other groups who participated and should have the opportunity to give input.
Your voice can make a difference in this debate. Please share your thoughts with President Obama today.