The Obama administration has announced it will not be seeking a legal mandate for backdoors into encrypted services, FBI Director James Comey has announced. During a hearing in front of the Senate Homeland Security and Governmental Affairs Committee, Comey said, “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry.”
Comey had been one of the most vocal advocates for mandating encrypted services like iMessage have government accessible backdoors to decrypt their contents. However, many companies, notably Apple and Google, had resisted this, noting that they cannot reasonably provide strong encryption and a backdoor at the same time. In a letter signed by groups such as the ACLU, Electronic Frontier Foundation, Free Software Foundation, and Human Rights Watch, as well as companies like Apple, Microsoft, Google, and Mozilla, they have opposed this. They noted that, “If American companies maintain the ability to unlock their customers’ data and devices on request, governments other than the United States will demand the same access, and will also be emboldened to demand the same capability from their native companies. The U.S. government, having made the same demands, will have little room to object. The result will be an information environment riddled with vulnerabilities that could be exploited by even the most repressive or dangerous regimes. “
A paper called “Keys Under Doormats: Mandating Insecurity By Requiring Government Access To All Data And Communications” by a group of security professionals, also called the proposal unfeasible, noting that, “If law enforcement’s keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege. Moreover, law enforcement’s stated need for rapid access to data would make it impractical to store keys online or split keys among multiple keyholders, as security engineers would normally do with extremely high-value credentials. “
Despite this announcement, this is only the policy of the Obama Administration. The next president could reverse this policy to seek a legal mandate for backdoors, something that presidential candidates Jeb Bush and Carly Fiorina have said they would not uphold if elected, and candidate Hillary Clinton has said she would push for what she phrased as “the right balance”. Under current law, companies can generally be compelled to unlock accounts, but companies such as Apple have simply designed their systems so that they are unable to unlock it even with a warrant, and at least one judge has expressed skepticism over the government’s interpretation.