Encryption backdoors? It's an ongoing dialogue, say anti-terror bods
Silicon Valley's uneasy alliance with Washington
CloudFlare Internet Summit It's not every day you walk into a tech conference in San Francisco to find a propaganda video for the Islamic State playing on the screens.
Two counterterrorism experts from Washington, DC, were opening the CloudFlare Internet Summit by talking about the use of social media by terrorist groups and what could be done to counteract them.
It's a conversation that is had on the East Coast all the time, but not so much in Silicon Valley, as the shocked faces on attendees confirmed. And that's why they were here.
"After the San Bernardino shootings, the President asked how we could work together with the tech community," explains Jen Easterly, the president's special assistant and a senior director for counterterrorism at the National Security Council.
"We had a meeting in January where we brainstormed with tech companies how we could share information on how terrorists were using their platforms – because they don't want this stuff on their systems either."
Left to their own devices for a few minutes, both Easterly and her co-presenter John Mulligan, deputy director of the National Counterterrorism Center, start devising how Silicon Valley can help in their fight against groups like ISIL and Al-Qaeda.
"We're trying to get the broader ecosystem to reach young people, point out the hypocrisy of the so-called Caliphate," Easterly enthuses. "We can use tech to amplify those campaigns. We can underwrite and fund resources that help people that can make a difference – moms, dads, teachers, pastors..."
It took CloudFlare's general counsel Doug Kramer to bring things back down to Earth. Things work a little differently on the West Coast. "The values of privacy and transparency can often be in conflict with what we are asked to do – how can they be reconciled?" he noted diplomatically, before adding a few sidenotes: "There is the history of the NSA, the use of National Security Letters; they can run counter to the principles of privacy and transparency..."
To their credit, both Washingtonites got it immediately – clearly something useful has come out of the efforts to bridge the East-West gap. "Your point is completely valid," said Mulligan. "It's a continuing dialogue," he added before switching to talk about European governments.
The same language – continuing dialogue – was also used by Easterly. "We're dancing around the encryption question," she noted before continuing that same dance. "Everyone believes in the value of strong encryption ... It's not going to be resolved with this administration ... The American people will have to weigh in ... The problem is big and broad..."
It's clear that the uneasy stalemate between tech companies and law enforcement – most clearly signaled in the battle between the FBI and Apple over the San Bernardino shooter's iPhone – is still there, resting unhappily in the background.
What will get the wheels moving again? After the collapse of several legislative efforts in Congress, the November elections seem to be the answer. Hillary Clinton has already backtracked from her call for some kind of backdoor/frontdoor in encryption products and now advocates for a special commission to look at the issue. Donald Trump... well, who knows?
After the session, we asked Kramer and a number of CloudFlare's senior policy and technical people where they think the conversation is going. The short answer: no one knows. As a tech company, CloudFlare feels obliged to point out the same argument that the tech industry has repeatedly made: encryption is mathematics; a hole is a hole; if you introduce a backdoor for the US authorities, it can be opened by anyone.
The claim by the FBI, politicians and others that there is somehow a solution to this logical conundrum has been termed "magical thinking."
What's the answer?
There will be some kind of solution that will be arrived at in the next few years, however. As Mulligan noted: "[Groups like ISIL] throw out a wide net, and start pulling people in. And when people are pulled in, then they start using secure communications."
It's for that reason that the authorities are determined to find a way around encryption because to them, secure comms are the point at which people move from curious innocents to national security risks.
We'll have to wait until 2017 for that conversation to start properly. What will be the startpoint? The best thinking is two areas:
- First, static versus communications in transit: are the dangerous people emailing or talking? The two forms are very different animals and will likely need different approaches.
- And second, precision. As much as the NSA loves mass surveillance, they are always going to have to do it in the dark, because neither the American people nor tech companies accept it.
If Washington wants Silicon Valley's help, it will have to be more open. And that means precise, focused efforts – this communication here; that communication there. Then, perhaps the answer is pointing enormous computing resources at cracking a very small number of communications that represent real threats.
But for that to happen, both coasts are going to have to learn to trust one another a little more. ®