Government Is Fighting Itself on Encryption
The FBI has a long list of enemies. There are of course terrorists, organized criminals and street gangs. One can't forget hackers and foreign spies. Add to this list an unlikely foe: Radio Free Asia.
How does a cold-war-era government broadcasting outlet end up posing a threat to the FBI? Because the broadcaster wanted to get its news content into countries with Internet censorship, and the FBI is now worried that the technology it helped foster is enabling cyber criminals.
Since 2011, as part of the Clinton State Department's policy to support Internet freedom, Radio Free Asia has incubated easy-to-use technologies that help regular people cloak their Internet communications from surveillance. The program, the Open Technology Fund, has provided seed money in this field, including $1.4 million in 2013 and 2014 to Open Whisper. That small company's technology is now being used to encrypt texts and phone calls on Android devices and iPhones.
Open Whisper is noticeably different from past encryption efforts. Frederic Jacobs, a developer of Open Whisper's iPhone app, Signal, told me that earlier generations of encryption software like PGP, short for Pretty Good Privacy, asked the user to repeat keys and codes to begin a secure conversation. Signal, he said, is aimed "to achieve a similar experience that a lot of messaging apps are offering, but with built-in security."
Chris Soghoian, the chief technologist for the American Civil Liberties Union, is impressed. "What's amazing about this next generation of secure communication tools, is not just that they employ best-of-breed cryptography," he told me. "It's that they are now easy to use."
Before the 2013 disclosures of former NSA contractor Edward Snowden, the FBI and the U.S. intelligence community was less worried about this kind of thing. Spies, criminals and terrorists have used encryption technology for years. But major Internet companies didn't offer powerful encryption as a default setting on their products. That is changing in 2015. Open Whisper's technology is now built into the Android version of the chat program WhatsApp, which is approaching 1 billion users.
The FBI and the U.S. intelligence community worry that the pervasive use of strong encryption creates a kind of dark space where terrorists can inspire lone wolves and child pornographers can operate with impunity.
This is not to say that the FBI opposes encryption. Director James Comey last week told a Congressional hearing that his bureau encourages companies to use strong encryption to protect proprietary data. But Comey would like U.S. Internet companies to come up with a way for law enforcement to access these communications during criminal investigations.
Kiran Raj, the counsel to the deputy attorney general at the U.S. Department of Justice, said Wednesday that he opposed "warrant-proof" communications, meaning e-mails, chats or voice conversations that cannot be retrieved if requested by law enforcement or ordered by a court. Speaking at an event hosted by the new cyber news site Passcode, Raj said these were communications systems "designed so that only the end users can access the information."
That's exactly what some developers want: automatic encryption and strict access, so that even the company controlling the app cannot see users' messages. Warrant or no warrant, law enforcement could not force companies to turn over users' communications.
Jon Callas, the chief technology officer at Silent Circle, a company that has designed a rival application to Open Whisper's product that encrypts chats and voice calls on smartphones, said Wednesday at the forum that if he designed a key so he could obtain his customer's conversations for the U.S. government, he would eventually be obliged to give the same kind of information to foreign governments like China and Russia, to comply with their laws.
Radio Free Asia understood that. Part of its goal in supporting encryption technology was to give dissidents in places like China and Russia a space to communicate freely. Unfortunately WhatsApp has been used for less noble purposes as well, according to law enforcement officials. As the Los Angeles Times reported this summer, the FBI at one point asked Congress for the authority to tap into applications like WhatsApp as well as secure chat programs like Wickr, which destroy messages shortly after they are sent The bureau in recent months however has dropped this request and is now asking technology companies to voluntarily provide this access.
This is not the first time the U.S. government has helped develop an Internet tool that was later adopted by criminal elements. The U.S. Navy in the 1990s developed an Internet tool known as the Onion Router, or TOR, that hid the identity of a machine as it accessed the Internet. TOR has received funding from the State Department and the Broadcasting Board of Governors, the umbrella organization that includes Radio Free Asia. But even early on, there was concern inside the government because TOR was a popular tool for cyber criminals.
Ian Schuler, the senior director of Internet freedom programs at the State Department between 2011 and 2013, told me that when issues would be raised about applications like TOR, the State Department argued it was worth supporting it "even if not everyone in the government was 100 percent about these applications."
TOR and other early programs that enabled anonymous Web browsing were valuable to overseas activists who sought to overcome censorship. "We thought the risks of not allowing the Internet to be secure and a vehicle for free speech was more detrimental than the risks of bad guys using it in ways that made it harder to go after them," said Schuler, who is now the CEO of a technology firm, Development Seed.
The grants to fund things like TOR and Open Whisper were the result of an ambitious policy championed by Hillary Clinton when she was secretary of state. In three major policy speeches, Clinton laid out a vision heavily influenced by the Internet activism that helped organize the green revolution in Iran in 2009 and other revolutions in the Arab world in 2010 and 2011. One result of this new policy was the creation of Radio Free Asia's Open Technology Fund.
These were optimistic speeches. "We believe that governments who have erected barriers to Internet freedom -- whether they’re technical filters or censorship regimes or attacks on those who exercise their rights to expression and assembly on line -- will eventually find themselves boxed in," she said in 2011 at George Washington University. Clinton called this the "dictator's dilemma." She said that eventually the dictator would have to "choose between letting the walls fall or paying the price to keep them standing."
Top officials don't talk like this anymore. After all, Obama's second-term foreign policy will be defined by the deal he made with Iran, one of the world's most aggressive censors of the Internet. Obama's second term also saw the rise of the Islamic State, which uses encrypted chats to help inspire lone wolf attacks in the West.
Clinton herself talks about the issue differently now. In February, Clinton told a forum in Silicon Valley that Internet companies needed to strike a balance between privacy and security when it came to encryption.
After making a perfunctory case for privacy, she said: "We also don't want to find ourselves in a position where it's a legitimate security threat we're facing and we can't figure out how to address it because we have no way into whatever is holding the information."
Aiming for the White House, Clinton is trying to speak for the government as a whole -- not just the State Department agencies that foster secure communications, but also the law enforcement agencies that fear it.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the author of this story:
Eli Lake at firstname.lastname@example.org
To contact the editor responsible for this story:
Philip Gray at email@example.com