What President Obama is getting wrong about encryption

President Obama tried to walk a very fine line on encryption, the technology that secures much of the communications that occur online, during his recent visit to Silicon Valley -- saying that he is a supporter of "strong encryption," but also understands law enforcement's desire to access data.

"I lean probably further in the direction of strong encryption than some do inside of law enforcement," Obamasaid during aninterviewwith tech news site re/code. "But I am sympathetic to law enforcement because I know the kind of pressure theyre under to keep us safe. And its not as black and white as its sometimes portrayed."

But the technical aspects of encryption actually are quite black and white, experts say, adding thatthe example Obama usedto illustratethe risks of encryption doesn't match up with how tech companies are deploying the security measure for customers. Obamasuggestedthat the FBI might be blocked from discovering who a terrorist was communicating with by tech companies' recent efforts to beef up encryption. But that type of data would still remain available, technical experts say.

The White House declined to comment.

Tech companies have expandedtheir encryption offeringssincedetails about the National Security Agency's efforts to get around security practices were revealed by former National Security Agency contractor Edward Snowden. Perhaps most notably, Apple and Google have made it so they are unable to unlock many mobile devices that use their operating systems -- even if served with a warrant.

This has set up a conflict between tech companies and law enforcement officials, who warn such technology can allow bad guys to "go dark" and evade legitimate attempts at surveillance.

Obama tried to explain a scenario where this might harm national security during his re/code interview:

Lets say you knew a particular person was involved in a terrorist plot. And the FBI is trying to figure out who else were they communicating with, in order to prevent the plot. Traditionally, what has been able to happen is that the FBI gets a court order. They go to the company, they request those records the same way that theyd go get a court order to request a wiretap. The company technically can comply.

With the expansion of encryption, Obama said, a tech company may have secured that data so well that it would be inaccessible. But that's not actually how the iOS or Android default encryption works, technical experts say.

"The example he gives in his interview is one where encryption deployed by a company prevents them from being able to tell the government who someone is in contact with," said Christopher Soghoian,the principal technologist at the American Civil Liberties Union's Speech, Privacy and Technology Project. "That's not taking place right now."

Excerpt from:
What President Obama is getting wrong about encryption