Encryption with a backdoor accessible to very few in important situations is what President Barack Obama says he suspects is the answer to the digital privacy versus security debate. That contradicts the position of many in the security industry who believe that would inevitability lead to abuses of such a backdoor.
While speaking today at SXSW, Obama said he could not comment directly on the Apple-San Bernardino shooter case, but gave these remarks on the larger issue surrounding the FBI’s ongoing fight with Apple about penetrating encryption.
Here are Obama’s full remarks on the matter:
“All of us value our privacy, and this is a society that is built on a Constitution and a Bill Of Rights and a healthy skepticism about overreaching government power. Before smartphones were invented and to this day, if there is probable cause to think that you have abducted a child, or that you are engaging in a terrorist plot, or you are guilty of some serious crime, law enforcement can appear at your doorstep and say we have a warrant to search your home and can go into your bedroom and into your bedroom drawers to rifle through your underwear to see if there’s any evidence of wrongdoing.
And we agree on that because we recognize that just like all of our other rights, freedom of speech, freedom of religion, etc, that there are going to be some constraints imposed to ensure we are safe, secure and living in a civilized society.
Technology is evolving so rapidly that new questions are being asked, and I am of the view that there are very real reasons why we want to make sure the government can not just wily-nilly get into everyone’s iPhones or smartphones that are full of very personal information or very personal data.”
Obama went on to note that concerns about the government encroaching on privacy were heightened by the Snowden revelations, but also joked that TV crime shows have exaggerated the powers of law enforcement. But getting serious again, he said:
“What makes it even more complicated is that we also want really strong encryption because part of us preventing terrorism or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitized, is that hackers, state or non-state, can’t get in there and mess around.
So we have two values, both of which are important.
And the question we now have to ask is if technologically it is possible to make an impenetrable device or system where the encryption is so strong that there is no key there, there’s no door at all? And how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? What mechanisms do we have available that even do simple things like tax enforcement? Because if you can’t crack that at all, and government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket. So there has to be some some concession to the need to be able to get to that information somehow.”
Rather than only give his own perspective, Obama acknowledged the risks of a backdoor being misused, but said those risks can be mitigated with the help of the tech community.
Now what folks who are on the encryption side will argue is any key whatsoever, even if it starts off as just being directed at one device, could end up being used on any device. That’s just the nature of these systems.That is a technical question. I am not a software engineer. It is, I think, technically true, but i think it it can be overstated.
So the question now becomes, we as a society, setting aside the specific case between the FBI and Apple, setting aside the commercial interests, the concerns about what the Chinese government could do with this even if we trust the US government, setting aside all these questions, we’re going to have to make some decisions about how we balance these respective risks. I’ve got a bunch of smart people sitting there talking about it, thinking about it. We have engaged the tech community aggressively to help solve this problem.
My conclusion so far is that you cannot take an absolutist view on this. So if your argument is strong encryption no matter what, and we can’t and shouldn’t make black boxes, that I do not think strikes the balances we’ve struck for 200 or 300 years and it’s fetishizing our phones above every other value. And that can’t be the right answer. I suspect the answer will come down to how can we make sure the encryption is as strong as possible, the key as strong as possible, it’s accessible by the smallest number of people possible, for a subset of issues that we agree are important. How we design that is not something I have the expertise to do.
Obama concluded by urging us to address this problem now in a rational way rather than waiting for a catastrophe to force us into clumsy action.
I am way on the civil liberties side of this thing…I anguish a lot over the decisions we make in terms of how we keep this country safe, and I am not interested in overdrawing the values that have made us an exceptional and great nation simply for expediency. But the dangers are real. Maintaining law and order in a civilized society is important. Protecting our kids is important. And so I would just caution against an absolutist perspective on this.
Because we make compromises all the time. You know, I haven’t flown commercial in a while. But my understanding is that it’s not great fun going through security. But we make the concession. It’s a big intrusion on our privacy, but we recognize it as important. We have stops for drunk drivers. It’s an intrusion but we think it’s the right thing to do.
And this notion that somehow our data is different and can be walled off from those other trade-offs we make, I believe is incorrect. We do have to make sure, given the power of the Internet and how much our lives are digitized, that it is narrow, and is constrained, and that there’s oversight. I’m confident that this is something that we can solve.
But we’re going to need the tech community, the software designers, the people who care deeply about this stuff to help us solve it. Because what will happen is if everyone goes to their respective corners and the tech community says ‘Either we have strong, perfect encryption or else it’s Big Brother and an Orwellian world,’ what you’ll find is that after something really bad happens, the politics of this will swing, and they will become sloppy, and rushed, and it will go through Congress in ways that have not been thought through. And then you really will have dangers to our civil liberties because the people who understand this best, who care most about privacy and civil liberties, will have disengaged or taken a position that is not sustainable for the general public as a whole over time.
Obama essentially played both sides of the argument, identifying the need for privacy, but admitting that some limitations are required to keep Americans safe.
Pushing for backdoors goes against the perspective of many tech insiders and security advocates. Weakening core security of phones could make them vulnerable if the backdoor were ever misused by the government or stolen by hackers or a foreign state. Yet refusing to compromise encryption in any way now could lead to disastrous legislation in the future. Expect this to be a debate that will rage for years to come.