President Obama urges prudence from both sides of encryption debate, warns against 'absolutist' pos
Speaking on the encryption debate at SXSW Interactive in Austin on Friday, President Barack Obama carefully navigated the waters between government overreach and civil liberties, saying that while both sides need to make concessions, encryption advocates should avoid taking an absolutist stance on the issue.
During a lengthy and wide-ranging discussion with Evan Smith, Editor in Chief of The Texas Tribune, Obama delivered what at first blush appears to be an even-keeled presentation of a topic that has, over the past month, morphed into a war of words between the Department of Justice and Apple.
"Technology is evolving so rapidly that new questions are being asked, and I am of the view that there are very real reasons why we want to make sure the government cannot just willy-nilly get into everybody's iPhones -- or smartphones -- that are full of very personal information," Obama said.
A federal magistrate judge in February ordered Apple to help the FBI break into a passcode-protected iPhone used by San Bernardino terror suspect Syed Rizwan Farook. The company is resisting, claiming, among other things, that the creation of a software workaround inherently weakens iOS encryption mechanisms and would thus put all iPhones at risk.
Unlike other politicians, Obama appears to have a good grasp of the issue's technical details, noting he thinks Apple's argument is likely true, albeit overstated. However, he did caution against an "absolutist" stance on the matter, saying un-hackable encryption is not an ideal solution. Law enforcement agencies exist to ensure public safety, and they need certain tools and levels of access to do so.
Obama suggested a solution that allows for constrained government access to private data. He likened the intrusion to TSA checks at the airport, drunk driving road blocks or tax enforcement; all accepted policies that, while potentially unpleasant, are recognized as important to the greater good.
"This notion that somehow our data is different and can be walled off from those other tradeoffs we make, I believe is incorrect," he said. "My conclusion so far is that you cannot take an absolutist view on this. So if your argument is 'strong encryption no matter what, and we can and should in fact create black boxes,' that I think does not strike the kind of balance we have lived with for 200, 300 years. And it's fetishizing our phone above every other value, and that can't be the right answer."
But the issue, of course, is in finding a system of checks and balances that appeases law enforcement requests while at the same time offering high levels of protection for consumers. Obama said one solution could be allowing very narrow access to personal data, which basically describes a privileged backdoor. Apple and fellow tech companies are vehemently against such concessions.
"If everybody goes to their respective corners and the tech community says, 'you know what, either we have strong, perfect encryption, or else it's big brother and [an] Orwellian world,' what you'll find is that after something really bad happens the politics of this will swing and it will become sloppy and rushed," Obama said. "And it will go through Congress in ways that have not been thought through. And then you really will have a danger to our civil liberties because the disengaged or taken a position that is not sustainable."
During a lengthy and wide-ranging discussion with Evan Smith, Editor in Chief of The Texas Tribune, Obama delivered what at first blush appears to be an even-keeled presentation of a topic that has, over the past month, morphed into a war of words between the Department of Justice and Apple.
"Technology is evolving so rapidly that new questions are being asked, and I am of the view that there are very real reasons why we want to make sure the government cannot just willy-nilly get into everybody's iPhones -- or smartphones -- that are full of very personal information," Obama said.
A federal magistrate judge in February ordered Apple to help the FBI break into a passcode-protected iPhone used by San Bernardino terror suspect Syed Rizwan Farook. The company is resisting, claiming, among other things, that the creation of a software workaround inherently weakens iOS encryption mechanisms and would thus put all iPhones at risk.
Unlike other politicians, Obama appears to have a good grasp of the issue's technical details, noting he thinks Apple's argument is likely true, albeit overstated. However, he did caution against an "absolutist" stance on the matter, saying un-hackable encryption is not an ideal solution. Law enforcement agencies exist to ensure public safety, and they need certain tools and levels of access to do so.
Obama suggested a solution that allows for constrained government access to private data. He likened the intrusion to TSA checks at the airport, drunk driving road blocks or tax enforcement; all accepted policies that, while potentially unpleasant, are recognized as important to the greater good.
"This notion that somehow our data is different and can be walled off from those other tradeoffs we make, I believe is incorrect," he said. "My conclusion so far is that you cannot take an absolutist view on this. So if your argument is 'strong encryption no matter what, and we can and should in fact create black boxes,' that I think does not strike the kind of balance we have lived with for 200, 300 years. And it's fetishizing our phone above every other value, and that can't be the right answer."
But the issue, of course, is in finding a system of checks and balances that appeases law enforcement requests while at the same time offering high levels of protection for consumers. Obama said one solution could be allowing very narrow access to personal data, which basically describes a privileged backdoor. Apple and fellow tech companies are vehemently against such concessions.
"If everybody goes to their respective corners and the tech community says, 'you know what, either we have strong, perfect encryption, or else it's big brother and [an] Orwellian world,' what you'll find is that after something really bad happens the politics of this will swing and it will become sloppy and rushed," Obama said. "And it will go through Congress in ways that have not been thought through. And then you really will have a danger to our civil liberties because the disengaged or taken a position that is not sustainable."
Comments
It's a binary option. Either there is a backdoor/weakness or there isn't. There is no middle ground.
So much for Obama having "a good grasp of the issue's technical details." He's not doing any better than any other politician (from both sides of the aisle) saying exactly the same thing in different words.
If the government doesn't like the existing laws (or lack thereof), it has only itself to blame, just like the government has only itself to blame for letting Malik into the U.S. after she made pro-ISIS postings on Facebook. And failings of our Immigration and Naturalization Service ultimately fall on Obama.
He had me all the way up to the TSA...recognized the world over for stealing undergarments, amongst other things.
His time has finished.
M this isn't one of those situations where you can just find the happy medium.
People don't need to look in my phone. Period.
Obama just playing his game of trying to look like he's not taking sides.
in reality, compromising just allowing the FBI to crush our privacy.
There the is no middle ground.
This is situation where the people need a white car or a black car. You cannot mix. That is gray. Once it is grey. It is no longer black. Or it is no longer white.
You our don't get a backdoor without getting s bsckdoor.
Troubling too because this is obamas FBI.
THE MAN HAS BEEN ABLE TO DO ANYTHING HE WANTS WITH NO SAY BY THE PEOPLE.
a from setting up unaccountable and unelected czars (czars, really?) to destroying health care, to losing money on vas for clunkers (compare the edmunds report to the White House fairy tale), to removing the people's say in moral issues, etc.
Now he intends to become the UN president.
The UN doesn't hold USA values.
Mine of the scarier things is that the UN often classifies free speech as terrorism and hate speech for example if someone objects to a moral issue on the grounds of faith
in this country we have freedom of religion.
But it already the DHS has tried to classify religious views as hate speech.
Means im not talking Islam cut off your head speech. I'm talking a pastor simply objecting to homosexuality because of what their bible says.
People should be free to disagree and not have their morals forcibly compromised.
If if prople want to be homosexual, fine. But don't force a Christian church to hire one. Especially when that church represents the bible and that person they're hiring lives in direct contradiction.
it's like the Democratic Party being forced to nominate Ted Cruz.
If if obsma has his way (and please. Let's not pretend the FBI just decided to do this without it being an Obama directive. Remember how this played out in public to get the ball rolling? That's an Obama M.O. And so is the recent cheap shot filing), then he and the UN will also have access to this-our personal and private life details.
For one, you KNOW you're going to go through a checkpoint and you PREPARE.
a they see what you chose to bring for them to inspect.
A a phone is different. It's pictures, Internet browsing, phone calls, emails, txt, app usage, voicemail, etc. deeply personal.
There SHOULDNT EVER be a TSA for that.
its not simply "data" mr. Obama. It's my personal life details.
It is stupid to bring up TSA intrusion, drunk driving road blocks, tax enforcement; traffic cameras, etc in a discussion about data security. This goes way beyond privacy. All our lives are in these phones. This is the problem. This is a discussion of absolutes. There is no such thing as balance in a discussion about encryption. Either you let criminals into our phones or you do your best without intentional backdoors to keep them out.
Unbreakable encryption is still not 100% because data endpoints are still vulnerable. We cannot possibly take this a step further and intentionally weaken data security by adding backdoors. Anyone proposing the addition of backdoors is misinformed. And the US Government is by far the worst organization at keeping data secure. Anything that the US government keeps secret is guaranteed to leak. Take Snowden. The US Govt had no idea that he was downloading top secret documents while he was working for the NSA. And the US Govt. still has no clue how many documents he took with him. Is this where we want to keep our data secure, including encryption keys or Apple's GovtOS? Fk that! Every other day, the Govt gets hacked.
I propose that ALL search orders must go to the rightful owner of the phone and only the owner. This way, there is no question on who can unlock the phone. This will keep this process straightforward. After all, when law enforcement serves a search warrant to a homeowner, the warrant does not go to the homebuilder.
In cases for which direct access of information in a phone is not possible, there is still hope. The answer is to request phone business records through the 215 program, examine geopositional data. Metadata is far more powerful than content.
The FBI knows there is a way to get the decryption key by taking it apart, they just don't want to because it might destroy the phone instantly. So instead they want to compel Apple to create a version of iOS that can be loaded onto any iPhone to brute-force the password.
Apple can "give the middle finger" here by tying a temporal password limit. eg the first 5 times are instant, and then every time after that the delay for using the PIN doubles. That would hamper any brute-force technique. A self-destruct mechanism should be a duress password (Eg a password that would be hit by brute forcing) or a number of tries definable by the user.
Now, as far as creating backdoors...
I could see Apple making a JTAG-like connector inside the phone, that is only useful as a "recovery" mechanism. This wouldn't allow anyone to unlock the phone, it would just allow the flash to be dumped or securely erased from the device, which could then be manipulated on a hardware emulator. This is reasonable since you can't decrypt the phone without having it and without making it effectively unusable (so it can't just be used to unlock a suspect's device at will.) But as others will point out, any backdoor is bad, and providing this kind of mechanism would only be useful to prevent destroying the phone by accident. But it seems reasonable as long as Apple isn't providing software assistance in this regard.
The other option, is that Apple open sources the base iOS (not the apps, app store, etc) and thus the onus falls on some other party to create a backdoor'd iOS, but Apple still won't sign these unauthorized iOS versions, so that still goes back to figuring out how to load such a thing.
Encryption
This debate is a defining moment in the tech industry and its impact will be felt for generations. It's implications don't just impact the US but the world and I don't think most people are looking at the long term impact this ruling will have.
At the heart of this debate is if we have a right to security. Not privacy as many have stated but security. In this case security, privacy and freedom line up and it is not the way the FBI wants it.
Paper.
There was a time when we would send mail from person to person using paper. Important documentation was printed out as needed and if we needed to destroy it, there was fire and shredders. NOTE: The government never made a shredding company design and invent an de-shredder. But then we started to shift to digital communications and the government started wetting its lips with the potential treasure trove.
Why? Digital leaves finger prints everywhere it goes. When you send an email the email is routed from server to server to server leaving behind entire copies on computers all over the world. There are wonderful time stamps and trace routes on each copy and it is all in plain text. This is why Hillery's near exclusive use of a personal email for State Department business use is so troubling (and personally why she is unfit to be President). All of those emails are potentially deposited on servers all over the world from Russia to China to Mexico to the US. Email was a wonderful thing for surveillance and Text Messaging. OMG!!! It really became hard to shred documents. It became a feeding frenzy for the NSA and FBI.
Enter the shredder: Encryption. Open sourced and available to the world for free.
Many people think of Encryption as a safe but it isn't. It is a shredding/de-shredding technology. A public key is used to shred data into a billion trillion pieces for transmission (this can be from computer to computer or within a computer). This packet of shredded data can be deposited all over the internet and intercepted by anyone but it is completely unreadable. When it arrives at the intended recipient, a carefully guarded private key is used to de-shred it to usable form. If the private key is lost the document is forever shredded.
Because of the power to the private key, it is important to protect it with multiple levels of security and these designs are hard to get right. In some cases, key pairs are created and destroyed several times a minute. Once a hole is found in the design, they are easily exploited and the encryption serves no purpose. If you engineer in a hole, you destroy the security for EVERYONE using it once the hole is discovered and they always are.
Now this technology is ubiquitous in everything we do on the internet from messaging, searching, banking, finance, investments and commerce. It is the basis for our personal security. It hides our location from jealous ex-lovers. It hides our logins to our banks. It hides our credit card numbers on Amazon. Security, freedom and privacy line up. Even if you are doing nothing unethical or illegal, you have TONS to hide.
It also creates a situation where the FBI's feeding frenzy is being placed on a serious diet and the DOJ is having serious issue with this. They call it "going dark" and they are looking for cases to force silicon valley to create de-shredders that can de-shred any document. Farook's iPhone is the perfect wedge. A home grown terror attack on US soil. Public sympathy like you can't believe. It is the wedge the DOJ is using to force the tech industry to allow surveillance on encryption. This is a line in the sand we can not cross as a planet.
The Clipper Chip and a golden key.
If you engineer in collisions into the shredding tech, these are now found quickly. A key like this will be worth 100's of millions of dollars and there will be a human somewhere motivated by greed. The NSA tried to create an encryption chip with Key Escrow called the Clipper Chip. It failed because it was hacked in months.
With encryption EVERYONE is secure or NO ONE is secure there is no middle ground and there is no room for discussion. It is the math behind encryption. Again, there is NO room for discussion. There is no golden key and there is no magic wand capable of allowing surveillance on encrypted data. If a court precedent is set forcing US tech companies to write code to break their own security designs, it will do a few things:
1) The tech industry will leave to off shore locations.
2) People will loose faith in on-line commerce.
3) People will be much less secure in their digital footprint.
4) Billion's of people will be significantly less secure in their daily lives.