“We Support Strong Encryption”

A good Washington talking point delivers zero content. A great Washington talking point sounds substantive… while delivering zero content.

In the spirit of honoring greatness, I’d like to call attention to the current White House position on cryptographic backdoors. It received its most public airing from President Obama, in a February 13 interview with RE/CODE.

“I’m a strong believer in strong encryption,” explained the President. “[T]here’s no scenario in which we don’t want really strong encryption.”

President Obama isn’t the only official invoking “strong encryption.” (And strongly, too.) In just about every recent conversation with an administration policymaker, I’ve been subjected to some version of the line.

Here’s the official, pre-canned White House position:

The United States Government firmly supports the development and adoption of strong encryption, which is a key tool to secure commerce and trade, safeguard private information, promote free expression and association, and strengthen cybersecurity.

To a computer security expert, or to a privacy advocate, “strong encryption” might sound like a policy victory. It means encryption that minimizes security risks. It means encryption where the user controls access. It means encryption that doesn’t include a vendor or government backdoor. And so, among colleagues, I’ve heard recent praise of the White House position.

To a law enforcement or intelligence official, though, “strong encryption” means something very different. It means encryption that minimizes security risks, but subject to the constraint that the government can still access data. It means encryption where the user controls access, except where the government is involved. It means encryption that does include a government backdoor, but a well-designed backdoor.[1]

That’s why, in a recent House hearing, the FBI’s representative testified that “[c]ompanies must continue to provide strong encryption for their customers.” And that’s why, twenty years ago, at the height of the Crypto Wars, the FBI’s director testified “in favor of strong encryption, robust encryption.”

The White House has, to be fair, distanced itself from law enforcement and intelligence agencies on this issue. When the President said, “I lean probably further on side of strong encryption than some in law enforcement,” his cybersecurity team was sending a deliberate signal. They’re still thinking, and they’re still undecided.

The takeaway is straightforward. Next time you hear an official speak about “strong encryption,” recognize that you’ve heard zero content. And maybe take a moment to bask in the Washington greatness.

1. Several computer security colleagues have suggested that government access and “strong encryption” are fundamentally incompatible, that well-designed backdoors are technically impossible, and that the White House faces an either-or decision. The strongest articulation I’ve heard is that “backdoors break the Internet.” While I imagine that posing a binary choice is a useful rhetorical tool, I believe the issue is more nuanced. There are better and worse designs for government access to a communications or storage system, and in a handful of scenarios, the marginal security risk might be cabined. Backdoors are still a really bad idea, for a long list of reasons, but they don’t necessarily “break the Internet.”