White House explored ways to bypass smartphone encryption – memo

A leaked memo shows a White House working group explored ways for law enforcement to unlock encrypted smartphones. Among the ideas were separate encryption keys or spyware embedded in automatic software updates, according to the Washington Post.

The memo, drafted this summer by officials from law enforcement, intelligence, diplomatic and economic agencies, was created for eventual consideration by White House cabinet members.

The memo shows that four encryption-breaking methods explored by the working group were considered “technically feasible.”

One method was for providers to add a separate encrypted port to their devices through which law enforcement could access the data after receiving a warrant by using a set of keys that only they would have.

A second approach was to add spyware to automatic software updates, a method already employed effectively by hackers.

A third method described splitting up encryption keys that could be combined under court order, and a fourth solution involved a “forced backup,” which would upload data stored on an encrypted device to an unencrypted location.

National Security Council spokesman Mark Strol stated in an email to the Post that “these proposals are not being pursued.”

“The United States government firmly supports the development and robust adoption of strong encryption, while acknowledging the use of encryption by terrorist and criminals to conceal and enable crimes and other malicious activity can pose serious challenges to public safety. The administration continues to welcome public discussion on this issue as we consider policy options.”

The memo also raised concerns about sharing the proposals outside the government.

“Any proposed solution almost certainly would quickly become a focal point for attacks,” said the memo. “Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce ‘backdoors’ or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation,” the memo read, as reported by the Post.

Technologists argue that such approaches would weaken the security of encryption by adding layers of complexity that could hide bugs and create new potential targets for hackers.

The memo highlighted the government’s continued desire to have access to digital communications, as internet companies are under pressure from customers to offer privacy protections. Both Apple and Google have introduced encryption features for smartphones.

In May, 140 tech companies, including Apple and Google, and cryptology experts signed a letter that was sent to President Obama calling on his administration to push back against any proposals seeking to weaken encryption security for the benefit of policing agencies.

“Strong encryption is the cornerstone of the modern information economy’s security,” the letter reads, adding that the Obama administration must “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.

The message came in response to top law enforcement officials expressing unease with Apple and Google offering phones with encryption so strong that even police with warrants are unable to gain access.

FBI Director James Comey continued his push for Silicon Valley to give the federal government backdoor access to encrypted data at a congressional hearing on September 10. The tech industry told House Intelligence Committee members that it was not in their interest to help.

Comey said that he wants Silicon Valley to create a workaround that would give the federal government access to encrypted data in their programs and hardware.

“There shouldn’t be venom,” Comey told the committee. “We should all care about the same thing.”

The day after Comey testified, an MIT report warned that the government’s plans to weaken online encryption “would undo progress on security” in a post-Snowden world, making it easier for hackers to access sensitive material.