Obama edges toward full support for encryption – but does he understand what that means?

Leaked doc says no backdoors, doesn't grasp basics of crypto

The Obama Administration is weighing whether to come out in full support of unfettered encryption, something that would be a huge blow to the Feds, who have been pushing for compulsory backdoors in all new tech.

But there's something in the President's proposals that aren't quite right.

A leaked memo [PDF] from the National Security Council (NSC), seen and published by The Washington Post, outlines three options over what to do regarding the issue.

The first would make it plain that the President opposes both a new law and other actions to introduce backdoors, and would see him speak in favor of the benefits of encryption.

The second option is to defer any decisions and push the issue into open consultation with the aim of coming back to the issue. And the third is to punt the issue into the long grass.

There is no option to push encryption, or to seek legislation for a compulsory backdoor.

Each option is provided with a rundown of the pros and cons of each approach and how it would likely be received by key stakeholder groups such as the tech industry, law enforcement, and civil society.

It's an old public policy trick to provide three options and then make two so unpalatable that the third – the right one – is chosen. In this case, only the "do nothing" option is off the table, amid the suggestion that it would make the US look indecisive, would annoy everyone, and would only be putting the issue off for a few months.

The second option is pitched as presenting a compromise that would allow the Administration to negotiate with other governments and the tech industry.

Neither are as strongly represented, however, as the first option to speak out in favor of encryption. It states: "Overall, the benefits to privacy, civil liberties, and cybersecurity gained from encryption outweigh the broader risks that would have been created by weakening encryption." It then goes on to press all the right buttons.

What are the pros and cons?

The proposal to both come out in favor of encryption and "disavow legislation and other compulsory actions" acknowledges that it would cause annoyance on the part of law enforcement, and that it would go against some allies' positions (including the UK), but it lists a series of positives from the government perspective.

Such a move would encourage better cooperation from the tech industry, which would improve public safety and national security (the US government recently announced an effort to share details of security holes in software, for example).

It would also grow the country's economy, as it would show that US products are not tools for government surveillance and "would clearly differentiate U.S. policy from moves by China and others to mandate decryption." Google, Apple, Amazon, and a significant number of other large tech companies have previously complained that the Snowden revelations have undermined people's faith in their products and caused economic losses.

Such an approach would also bolster trust in the US government. The memo doesn't mention Edward Snowden (the US government is never keen on mentioning his name) but it does note that the proposal "counters the narrative that the United States is seeking to expand its surveillance capability at the expense of cybersecurity, and could help repair trust in the United States Government and U.S. companies overseas."

The move would please civil liberties groups, could aid in trade negotiations, and would end up the "strongest option" overall, the memo states.

Similar topics

Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block Microsoft ad trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains. Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    "I tested the DuckDuckGo so-called private browser for both iOS and Android, yet neither version blocked data transfers to Microsoft's Linkedin + Bing ads while viewing Facebook's workplace[.]com homepage," Edwards explained in a Twitter thread.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022