Some in the technology industry may have rolled their eyes when countries like Saudi Arabia, United Arab Emirates, India, and others began to crack down on BlackBerry communications services because their law enforcement agencies can’t peer into encrypted message traffic—but now the Obama administration may be seeking much the same thing, but not limited to BlackBerry service. According to a report in the New York Times,, the Obama administration is seeking new federal law that would require providers of encrypted communications services—whether instant messaging, email, VoIP, or anything else—to provide unencrypted access to user communications in response to a court order. If enacted as law, it could be illegal for a U.S. software company to provide communications technology to which only the end users had decryption keys.
In the New York Times piece, FBI general counsel Valerie Caproni emphasized the agency is only considering the legislation in terms of lawful interception: federal agents would still need a court order to force communications operators to provide access to unencrypted information.
Nonetheless, the possibility of requiring providers to build back doors into secure communications technologies opens up the possibilities those back doors could be abused: for instance, attackers could uncover technical shortcomings in the access mechanism, the backdoors could be unlocked via industrial espionage or good old-fashioned social engineering. There is also the disturbing possibility the federal government could overstep or seek to redefine its powers to surveil communications, as the National Security Administration did during the Bush administration with warrantless wiretaps.
Of course, even if the U.S. were to enact a law mandating backdoors to encrypted communications, it would be challenged in court by civil liberties groups and (likely) by major U.S. business concerns who don’t want their trade secrets and operations potentially exposed to anyone—including the government or competitors. U.S. federal law also cannot control the actions of overseas companies: if such legislation were to be enacted, it’s possible software firms would merely locate their fully-encrypted products to nations that have no laws barring them. The legislation also faces potential First Amendment challenges; existing court precedent has found that the guarantee of freedom of speech protects encryption code.
The potential move is ironic for the Obama administration: one of Obama’s campaign points in 2008 was strengthening online privacy protections.