In President Obama’s prime-time address from the Oval Office—just his third in seven years—he struck a reassuring tone, reiterating his commitment to battling the Islamic State and calling for tolerance toward Muslim communities at home.
In the speech, the president called on Congress to formally authorize the use of military force against Islamic State terrorists, to enact a basic gun-control proposal, and to work out a system for stringent background checks for U.S. visas. But there was another policy proposal Obama mentioned briefly, which could have serious consequences for the way Americans use technology.
After Obama outlined his four-step plan to fight the Islamic State, he said:
[W]e constantly examine our strategy to determine when additional steps are needed to get the job done. That's why I've ordered the Departments of State and Homeland Security to review the visa-waiver program under which the female terrorist in San Bernardino originally came to this country. And that's why I will urge high-tech and law-enforcement leaders to make it harder for terrorists to use technology to escape from justice.
With that last sentence, Obama seemed to allude to a long-simmering debate between the U.S. technology industry and law-enforcement officials over encryption—and he seemed to hint that he was finally choosing a side.
Officials have long feared that terrorists are planning attacks via encrypted messages to avoid detection. Led by the FBI Director James Comey, members of the Obama administration have called on American technology leaders to make it easier for law enforcement to access messages that suspected terrorists send using encrypted platforms, like iMessage and WhatsApp.
But technology companies and cryptography experts have repeatedly said that the compromise the government is seeking is impossible. There is no way to allow law enforcement to access encrypted data without weakening the digital protection that keeps data safe from hackers.
If U.S. companies were forced to hand over the keys to their customers’ encrypted communications to the government, those who need a high level of online security and privacy would likely turn abroad for better options, potentially dealing a blow to the U.S.’s heavily technology-reliant economy. It’s not just shady actors that rely on encryption for security: The online-banking and e-commerce industries, for example, require high levels of digital protection to survive.
The government has made little headway against a steadfast Silicon Valley, which stands to gain from the continued use of strong encryption. So far, government officials have simply called for a “dialogue” about encryption, while warning of its ills. Although Obama has privately deliberated getting involved in the debate, he decided in October to stay mum on the issue.
A petition asking Obama to support strong encryption and distance himself from law enforcement requests for special access has accumulated more than 100,000 signatures, crossing the threshold that triggers a response from the White House.
While Obama’s veiled, passing reference to encryption Sunday night is far from an announcement of a sweeping policy change, it suggests he hasn’t written off law enforcement’s calls for weaker data protection. The president could ask Congress to propose legislation that would require tech companies to offer the government access to certain encrypted data, or implement a national encryption policy through an executive action.
For privacy advocates and security experts, the president’s allusion to encryption in a speech about terrorism is troubling. It's a sign that the recent spate of highly visible terrorist attacks—at home and abroad—might lead to a renewed push for surveillance, like the one that followed the attacks of September 11th.