Last Friday, at the White House’s Cybersecurity Summit at Stanford, reporter Kara Swisher sat down for a half-hour interview with President Obama (and she even dragged her famous red chairs along). It’s a better, more in-depth interview than you’re ever likely to see from the established mainstream press, and touches on a variety of issues regarding technology and security. While I don’t agree with some of the answers, I will say that the President appears to be extremely well-briefed on these issues, and didn’t make any totally ridiculous or glaringly misleading remarks. You can see the whole interview here:
In it, he admits that the “Snowden disclosures” (as he calls them) hurt “trust” between DC and the tech industry, and admits that the government has been “a little slow” in updating the laws for how the NSA operates online. However, he does say that surveillance on US persons is very carefully controlled and that he can say “with almost complete certainty that there haven’t been abuses on US soil.” He admits that’s not entirely the case overseas, where there are basically no limits on the NSA’s surveillance, and he recognizes that needs to change. Of course, if that’s the case, he can do that right now — because the NSA’s authority for all of that is an executive order, 12333, and he could revoke it and write a new one. But he hasn’t.
Then he gets to the area I found most interesting and want to focus on, the question of encryption. After discussing how he’s looking to update the rules for surveillance and his relationship with tech, the interview proceeds like this:
Obama: There’s still some issues like encryption…
Swisher: Let’s talk about encryption.
Obama: … that are challenging, and that’s something that’s been brought up…
Swisher: What’s wrong with what Google and Apple are doing? You have encrypted email.
Swisher: Shouldn’t everybody have encrypted email and have their protections?
Obama: Everybody should. And I’m a strong believer in strong encryption. Where the tension has come up, is historically what’s happened is that… let’s say you knew a particular person was involved in a terrorist plot, and the FBI is trying to figure out who else are they trying to communicate with to prevent the plot. Traditionally, what’s been able to happen is they get a court order, the FBI goes to the company, they request those records, the same way they’d go get a court order to request a wiretap. The company technically can comply.
The issue here is, partly in response to consumer demand, partly in response to legitimate concerns about consumer privacy, the technologies may be built to a point where, when the government goes…
Swisher: They can’t get the information.
Obama: … the company says “sorry, we just can’t pull it. It’s so sealed and tight that even though the government has a legitimate request, technologically we cannot do it.”
Swisher: Is what they’re doing wrong?
Obama: No. I think they are properly responding to a market demand. All of us are really concerned about making sure our…
Swisher: So what are you going to do?
Obama: Well, what we’re going to try to do is see if there’s a way for us to narrow this gap. Ultimately, everybody — and certainly this is true for me and my family — we all want to know if we’re using a smartphone for transactions, sending messages, having private conversations, we don’t have a bunch of people compromising that process. There’s no scenario in which we don’t want really strong encryption.
The narrow question is going to be: if there is a proper request for — this isn’t bulk collection, this isn’t fishing expeditions by government — where there’s a situation in which we’re trying to get a specific case of a possible national security threat, is there a way of accessing it? If it turns out there’s not, then we’re really going to have to have a public debate. And, I think some in Silicon Valley would make the argument — which is a fair argument, and I get — that the harms done by having any kind of compromised encryption are far greater than…
Swisher: That’s an argument you used to make, you would have made. Has something changed?
Obama: No, I still make it. It’s just that I’m sympathetic to law enforcement…
Swisher: Why? What happened? Because you were much stronger on…
Obama: No, I’m as strong as I have been. I think the only concern is… our law enforcement is expected to stop every plot. Every attack. Any bomb on a plane. The first time that attack takes place, where it turns out we had a lead and couldn’t follow up on it, the public’s going to demand answers. This is a public conversation that we should be having. I lean probably further in the direction of strong encryption than some do inside law enforcement. But I am sympathetic to law enforcement, because I know the kind of pressure they’re under to keep us safe. And it’s not as black and white as it’s sometimes portrayed. Now, in fairness, I think those in favor of air tight encryption also want to be protected from terrorists.
Obama: One of the interesting things about being in this job, is that it does give you a bird’s eye view. You are smack dab in the middle of these tensions that exist. But, there are times where folks who see this through a civil liberties or privacy lens reject that there’s any tradeoffs involved. And, in fact, there are. And you’ve got to own the fact that it may be that we want to value privacy and civil liberties far more than we do the safety issues. But we can’t pretend that there are no tradeoffs whatsoever.
I actually think this is a very good, nuanced answer to this issue. It doesn’t descend into hyperbole about child predators and ticking time bombs like law enforcement officials have done. He admits that there are tradeoffs and, at least publicly, seems to be willing to admit that stronger encryption without compromise might be the best solution.
Of course, where we’re left with questions is about his requested “public debate.” Where and how is that happening? Because, to date, the only noise on this issue coming out of his administration has been on the other side, pushing for new legislation that would require backdoors and compromise encryption. We haven’t seen anyone in the administration presenting the other side at all. And, for those of us who strongly believe that a basic cost/benefit analysis of weakening encryption vs. letting law enforcement do their job through traditional detective work would show that the “costs” of weakened encryption vastly outweigh the “threats” of criminals getting away with stuff, it would be nice to see the government at least recognizing that as well.
President Obama chides civil liberties and privacy folks for not getting that there are tradeoffs here, and I don’t think that’s accurate. Most do recognize the tradeoffs. It’s just that they believe the true benefit in terms of “stopping criminals” to weakening encryption is not very great, while the cost to everyone in risking their own privacy is massive. What we have not seen is any indication that law enforcement recognizes that there are tradeoffs, or that they care. Yes, as the President admits, they’re weighing some of this against “not getting blamed” when an inevitable “bad event” happens — but they don’t seem to be willing to recognize, at all, the risks to everyone’s privacy. That’s why they keep talking about golden keys and magic wizards who can make special encryption that only good guys can use.
So I’m glad that the President at least seems to recognize this is a nuanced issue with tradeoffs, but I wish that others in his administration, especially from the law enforcement side, were willing to recognize that as well.