Encryption issue puts federal agencies at odds

Encryption issue puts federal agencies at odds
© Getty Images

The debate over encryption technology has exposed a push-and-pull between federal agencies that support the technology and those that warn of its dangers. 

In fact, the government funds a variety of projects that either develop or promote strong encryption tools, even as the FBI advocates against algorithms that can’t be pierced with a warrant. 

ADVERTISEMENT

“It’s an age-old tension in the government,” said Nathan Freitas, a fellow at Harvard University’s Berkman Center for Internet & Society and the founder of the Guardian Project, a collective of coders who develop open source security software, in part with federal funding. 

Many of these projects operate under the radar, while the FBI’s position has been splashed across newspaper headlines throughout the country thanks to its public feud with Apple over one of the San Bernardino shooters' locked iPhone.

Among the apps developed at least in part with federal funding are Cryptocat and Signal, which allow encrypted chatting on desktop and mobile, respectively, and Tor, an anonymizing browser commonly used to access the “dark Web.”

Since 2009, Congress has allocated millions of dollars to promote Internet freedom, a foreign policy push that had its genesis during Hillary ClintonHillary Diane Rodham ClintonRepublican Ohio Senate candidate slams JD Vance over previous Trump comments Budowsky: Why GOP donors flock to Manchin and Sinema Countering the ongoing Republican delusion MORE’s tenure as secretary of State.

The policy is intended to protect human rights under oppressive regimes by ensuring that dissidents and at-risk groups — like women, LGBT individuals and religious and ethnic minorities — can communicate without fear of reprisal.  

In 2014, Congress bumped up annual funding for the program to $50 million.

The money goes to the Broadcasting Board of Governors (BBG) and the Bureau of Democracy, Human Rights and Labor (DRL) in the State Department. It is used at least in part to directly fund the development of secure communication platforms.

The lion’s share goes to DRL, which, among other things, funds the development of new technologies for “secure communications, privacy protection or anonymization.”

Although the State Department is protective of many of the individual projects it funds, the agency publicly supports the Tor Project, which oversees the popular anonymity software that allows people to circumvent surveillance and censorship through layered encryption.

A nonprofit called the Open Technology Fund (OTF) receives and distributes about a fifth of federal funding for Internet freedom projects through the BBG. Many of those projects involve encryption.

The group’s work has mainstream applications.

Facebook’s popular instant messaging app WhatsApp this week rolled out end-to-end encryption for its billion-plus users. The company incorporated Signal’s encryption protocol, which was developed with OTF funding.

While the move was heralded by human rights activists as a win for political dissidents, journalists and other at-risk individuals, law enforcement officials and some lawmakers have already expressed fears that it will endanger public safety by stymieing investigations.

FBI general counsel James Baker said Tuesday that the move "presents us with a significant problem,” while Sen. Tom CottonTom Bryant CottonConservatives target Biden pick for New York district court GOP anger with Fauci rises Cotton swipes at Fauci: 'These bureaucrats think that they are the science' MORE (R-Ark.) strongly urged WhatsApp and Facebook "to reevaluate their decision before they help facilitate another terrorist attack.”

For over a year, FBI Director James Comey has led the charge in warning that terrorists and other criminals are using encryption technology to “go dark,” plotting attacks beyond the grasp of investigators.

Those concerns exploded into the public consciousness after the back-to-back terrorist attacks in Paris and San Bernardino, Calif., ignited fears that the killers were able to hide their plans using encryption.

Technology companies insist that unbreakable encryption is a prerequisite to keeping everyday users of the Internet safe from hackers and identity thieves — and from the prying foreign governments the State Department and BBG are trying to undermine through Internet freedom.

“There’s a pretty delicious little conflict there between State Department’s interest in promoting U.S. interests and law enforcement and [the intelligence community’s] interest in — not defeating those tools — but being able to use those same tools to catch bad guys,” said Dr. Sasha Romanosky, a policy researcher at the RAND Corporation.

Deepening that conflict is the fact that some federal agencies are actively researching how to make encryption more robust. The National Institute of Science and Technology (NIST), which develops cryptographic standards, writes on its website that its mission is to “protect the nation's IT infrastructure and information through strong cryptography.”

For cryptologists — who see the technology not only as a net positive to human rights but as the backbone of online security — the apparent tension between agencies when it comes to encryption policy is frustrating.

To many, the warnings by the FBI that terrorists are using encryption to “go dark” is like issuing an advisory that bank robbers are using cars to make their getaway. The technology is ubiquitous and necessary, they say — it’s inevitable that bad actors will also use it.

“I feel like someone is asking me, ‘Terrorists are using cereal! Terrorists are eating breakfast! What do we do?’ These are tools that are available to everyone,” said Nadim Kobeissi, who created the secure chat platform Cryptocat, in part with OTF funding.

A 2015 study from the RAND Corporation looked at whether the State Department has materially assisted criminals by effectively providing them with valuable tools developed through the Internet freedom program.

The researchers found that because alternative technologies exist that have comparable features, the State-funded projects didn’t increase the likelihood that those tools would be used for illicit purposes. In other words, the State Department didn’t provide criminals with anything they didn’t have access to elsewhere.

Policy researchers note that the intra-government friction is nothing new. Agencies that are concentrated on outreach often clash with those whose primary mission is defensive.

For many, the apparent contradiction is easily explained by agency incentive. While most branches of government benefit from robust encryption, law enforcement and intelligence agencies are directly confronted with its downsides.

Whether encryption is a good thing, Kobeissi says, “depends on what spokesperson you ask or what department you ask.”