{"id":55299,"date":"2015-03-16T12:00:28","date_gmt":"2015-03-16T12:00:28","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=55299"},"modified":"2015-05-05T21:25:58","modified_gmt":"2015-05-05T20:25:58","slug":"the-cia-campaign-to-steal-apples-secrets","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2015\/03\/the-cia-campaign-to-steal-apples-secrets\/","title":{"rendered":"The CIA Campaign to Steal Apple\u2019s Secrets"},"content":{"rendered":"

10 Mar 2015 – <\/em>Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple\u2019s iPhones and iPads, according to top-secret documents<\/a> obtained by The Intercept<\/em>.<\/p>\n

\"iSpy_silhouette_v5-feature-hero-b<\/a><\/p>\n

The security researchers presented their latest tactics and achievements at a secret annual gathering, called the \u201cJamboree,\u201d where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.<\/p>\n

By targeting essential security keys used to encrypt data stored on Apple\u2019s devices, the researchers have sought to thwart the company\u2019s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both \u201cphysical\u201d and \u201cnon-invasive\u201d techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple\u2019s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.<\/p>\n

The CIA declined to comment for this story.<\/p>\n

The security researchers also claimed they had created a modified version of Apple\u2019s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple\u2019s App Store.<\/p>\n

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could \u201cforce all iOS applications to send embedded data to a listening post.\u201d It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.<\/p>\n

Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a \u201ckeylogger.\u201d<\/p>\n

Other presentations at the CIA conference have focused on the products of Apple\u2019s competitors, including Microsoft\u2019s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows.<\/p>\n

The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple\u2019s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government\u2019s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple\u2019s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.<\/p>\n

\u201cIf U.S. products are OK to target, that\u2019s news to me,\u201d says Matthew Green, a cryptography expert at Johns Hopkins University\u2019s Information Security Institute. \u201cTearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond \u2018targeting bad guys.\u2019 It may be a means to an end, but it\u2019s a hell of a means.\u201d<\/p>\n

Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple\u2019s privacy record.<\/p>\n

\"Lockheed<\/a>

Lockheed Martin Dulles Executive Plaza, Herndon, Virginia.<\/p><\/div>\n

SECURITY RESEARCHERS<\/strong> from Sandia National Laboratories presented their Apple-focused research at a secret annual CIA conference called the Trusted Computing Base Jamboree. The Apple research and the existence of the conference are detailed in documents provided to The Intercept<\/em> by National Security Agency whistleblower Edward Snowden.<\/p>\n

The conference was sponsored by the CIA\u2019s Information Operations Center, which conducts covert cyberattacks. The aim of the gathering, according to a 2012 internal NSA wiki, was to host \u201cpresentations that provide important information to developers trying to circumvent or exploit new security capabilities,\u201d as well as to \u201cexploit new avenues of attack.\u201d NSA personnel also participated in the conference through the NSA\u2019s counterpart to the CIA\u2019s Trusted Computing Base, according to the document. The NSA did not provide comment for this story.<\/p>\n

The Jamboree was held at a Lockheed Martin facility inside an executive office park in northern Virginia. Lockheed is one of the largest defense contractors in the world; its tentacles stretch into every aspect of U.S. national security and intelligence. The company is akin to a privatized wing of the U.S. national security state \u2014 more than 80 percent of its total revenue<\/a> comes from the U.S. government. Lockheed also owns Sandia Labs, which is funded by the U.S. government, whose researchers have presented Apple findings at the CIA conference.<\/p>\n

\u201cLockheed Martin\u2019s role in these activities should not be surprising given its leading role in the national surveillance state,\u201d says William Hartung, director of the Arms and Security Project at the Center for International Policy and author of Prophets of War<\/em>, a book that chronicles Lockheed\u2019s history. \u201cIt is the largest private intelligence contractor in the world, and it has worked on past surveillance programs for the Pentagon, the CIA and the NSA. If you\u2019re looking for a candidate for Big Brother, Lockheed Martin fits the bill.\u201d<\/p>\n

The Apple research is consistent with a much broader secret U.S. government program to analyze \u201csecure communications products, both foreign and domestic\u201d in order to \u201cdevelop exploitation capabilities against the authentication and encryption schemes,\u201d according to the 2013 Congressional Budget Justification. Known widely as the \u201cBlack Budget,\u201d the top-secret CBJ was provided to The Intercept<\/em> by Snowden and gives a sprawling overview of the U.S. intelligence community\u2019s spending and architecture. The White House did not respond to a request for comment.<\/p>\n

As of 2013, according to the classified budget, U.S. intelligence agencies were creating new capabilities against dozens of commercially produced security products, including those made by American companies, to seek out vulnerabilities.<\/p>\n

Last week, CIA Director John Brennan announced a major reorganization at the agency aimed, in large part, at expanding U.S. cyber-operations. The Information Operations Center, which organized the Jamboree conferences, will be folded into a new Directorate of Digital Innovation. Notwithstanding its innocuous name, a major priority of the directorate will be offensive cyberattacks, sabotage and digital espionage. Brennan said the CIA reorganization will be modeled after the agency\u2019s Counterterrorism Center, which runs the U.S. targeted killing and drone program.<\/p>\n

\"iphones-540x272<\/a><\/p>\n

THE DOCUMENTS<\/strong> do not address how successful the targeting of Apple\u2019s encryption mechanisms have been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence. But they do shed light on an ongoing campaign aimed at defeating the tech giant\u2019s efforts to secure its products, and in turn, its customers\u2019 private data.<\/p>\n

\u201cSpies gonna spy,\u201d says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. \u201cI\u2019m never surprised by what intelligence agencies do to get information. They\u2019re going to go where the info is, and as it moves, they\u2019ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.\u201d<\/p>\n

Bellovin says he generally supports efforts by U.S. intelligence to \u201chack\u201d devices \u2014 including Apple\u2019s \u2014 used by terrorists and criminals, but expressed concern that such capabilities could be abused. \u201cThere are bad people out there, and it\u2019s reasonable to seek information on them,\u201d he says, cautioning that \u201cinappropriate use \u2014 mass surveillance, targeting Americans without a warrant, probably spying on allies \u2014 is another matter entirely.\u201d<\/p>\n

In the top-secret documents, ranging from 2010 through 2012, the researchers appear particularly intent on extracting encryption keys that prevent unauthorized access to data stored \u2014 and firmware run \u2014 on Apple products.<\/p>\n

\u201cThe Intelligence Community (IC) is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches,\u201d the researchers noted in an abstract of their 2011 presentation at the Jamboree. But, they promised, their presentation could provide the intelligence community with a \u201cmethod to noninvasively extract\u201d encryption keys used on Apple devices. Another presentation focused on physically extracting the key from Apple\u2019s hardware.<\/p>\n

A year later, at the 2012 Jamboree, researchers described their attacks on the software used by developers to create applications for Apple\u2019s popular App Store. In a talk called \u201cStrawhorse: Attacking the MacOS and iOS Software Development Kit,\u201d a presenter from Sandia Labs described a successful \u201cwhacking\u201d of Apple\u2019s Xcode \u2014 the software used to create apps for iPhones, iPads and Mac computers. Developers who create Apple-approved and distributed apps overwhelmingly use Xcode, a free piece of software easily downloaded from the App Store.<\/p>\n

The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer \u2014 potentially millions of people. \u201cTrying to plant stuff in Xcode has fascinating implications,\u201d says Bellovin.<\/p>\n

The researchers listed a variety of actions their \u201cwhacked\u201d Xcode could perform, including:<\/p>\n

\u2014 \u201cEntice\u201d all Mac applications to create a \u201cremote backdoor\u201d allowing undetected access to an Apple computer.<\/p>\n

\u2014 Secretly embed an app developer\u2019s private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.)<\/p>\n

\u2014 \u201cForce all iOS applications\u201d to send data from an iPhone or iPad back to a U.S. intelligence \u201clistening post.\u201d<\/p>\n

\u2014 Disable core security features on Apple devices.<\/p>\n

For years, U.S. and British intelligence agencies have consistently sought to defeat the layers of encryption and other security features used by Apple to protect the iPhone. A joint task force comprised of operatives from the NSA and Britain\u2019s Government Communications Headquarters, formed in 2010, developed surveillance software targeting iPhones, Android devices and Nokia\u2019s Symbian phones. The Mobile Handset Exploitation Team successfully implanted malware on iPhones as part of WARRIOR PRIDE, a GCHQ framework for secretly accessing private communications on mobile devices.<\/p>\n

That program was disclosed in Snowden documents reported on last year by The Guardian<\/em><\/a>. A WARRIOR PRIDE plugin called NOSEY SMURF allowed spies to remotely and secretly activate a phone\u2019s microphone. Another plugin, DREAMY SMURF, allowed intelligence agents to manage the power system on a phone and thus avoid detection. PARANOID SMURF was designed to conceal the malware in other ways. TRACKER SMURF allowed ultra-precise geolocating of an individual phone. \u201c[If] its [sic] on the phone, we can get it,\u201d the spies boasted in a secret GCHQ document describing the targeting of the iPhone.<\/p>\n

All of the SMURF malware \u2014 including the plugin that secretly turns on the iPhone\u2019s microphone \u2014 would first require that agencies bypass the security controls built into the iOS operating system. Spies would either need to hack the phone in order to plant their malware on it, or sneak a backdoor into an app the user installed voluntarily. That was one of the clear aims of the Apple-focused research presented at the CIA\u2019s conference.<\/p>\n

\u201cThe U.S. government is prioritizing its own offensive surveillance needs over the cybersecurity of the millions of Americans who use Apple products,\u201d says Christopher Soghoian, the principal technologist at the American Civil Liberties Union. \u201cIf U.S. government-funded researchers can discover these flaws, it is quite likely that Chinese, Russian and Israeli researchers can discover them, too. By quietly exploiting these flaws rather than notifying Apple, the U.S. government leaves Apple\u2019s customers vulnerable to other sophisticated governments.\u201d<\/p>\n

Security experts interviewed by The Intercept<\/em> point out that the SMURF capabilities were already available to U.S. and British intelligence agencies five years ago. That raises the question of how advanced the current capacity to surveil smartphone users is, especially in light of the extensive resources poured into targeting the products of major tech companies. One GCHQ slide from 2010 stated that the agency\u2019s ultimate goal was to be able to \u201cExploit any phone, anywhere, any time.\u201d<\/p>\n

\"Steve<\/a>

Steve Jobs unveiling the first iPhone on January 9, 2007.<\/p><\/div>\n

THE FIRST JAMBOREE<\/strong>\u00a0took place in 2006, just as Apple was preparing to unveil its highly-anticipated iPhone. In March 2010, according to a top-secret document, during a talk called \u201cRocoto: Implanting the iPhone,\u201d a presenter discussed efforts to target the iPhone 3G. In addition to analyzing the device\u2019s software for potential vulnerabilities, the presentation examined \u201cjailbreak methods,\u201d used within the iPhone community to free phones from their built-in constraints, that could be leveraged by intelligence agencies. \u201cWe will conclude with a look ahead at future challenges presented by the iPhone 3GS and the upcoming iPad,\u201d the abstract noted. Over the years, as Apple updates its hardware, software and encryption methods, the CIA and its researchers study ways to break and exploit them.<\/p>\n

The attempts to target vulnerabilities in Apple\u2019s products have not occurred in a vacuum. Rather, they are part of a vast multi-agency U.S.\/U.K. effort to attack commercial encryption and security systems used on billions of devices around the world. U.S. intelligence agencies are not just focusing on individual terrorists or criminals \u2014 they are targeting the large corporations, such as Apple, that produce popular mobile devices.<\/p>\n

\u201cEvery other manufacturer looks to Apple. If the CIA can undermine Apple\u2019s systems, it\u2019s likely they\u2019ll be able to deploy the same capabilities against everyone else,\u201d says Green, the Johns Hopkins cryptographer. \u201cApple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone.\u201d<\/p>\n

According to the Black Budget, U.S. intelligence agencies have tech companies dead in their sights with the aim of breaking or circumventing any existing or emerging encryption or antiviral products, noting the threat posed by \u201cincreasingly strong commercial\u201d encryption and \u201cadversarial cryptography.\u201d<\/p>\n

The Analysis of Target Systems Project produced \u201cprototype capabilities\u201d for the intelligence community, enabled \u201cthe defeat of strong commercial data security systems\u201d and developed ways \u201cto exploit emerging information systems and technologies,\u201d according to the classified budget. The project received $35 million in funding in 2012 and had more than 200 personnel assigned to it. By the end of 2013, according to the budget, the project would \u201cdevelop new capabilities against 50 commercial information security device products to exploit emerging technologies,\u201d as well as new methods that would allow spies to recover user and device passwords on new products.<\/p>\n

Among the project\u2019s missions:<\/p>\n

\u2014 Analyze \u201csecure communications products, both foreign and domestic produced\u201d to \u201cdevelop exploitation capabilities against the authentication and encryption schemes.\u201d<\/p>\n

\u2014 \u201c[D]evelop exploitation capabilities against network communications protocols and commercial network security products.\u201d<\/p>\n

\u2014 \u201cAnticipate future encryption technologies\u201d and \u201cprepare strategies to exploit those technologies.\u201d<\/p>\n

\u2014 \u201cDevelop, enhance, and implement software attacks against encrypted signals.\u201d<\/p>\n

\u2014 \u201cDevelop exploitation capabilities against specific key management and authentication schemes.\u201d<\/p>\n

\u2014 \u201c[D]evelop exploitation capabilities against emerging multimedia applications.\u201d<\/p>\n

\u2014 Provide tools for \u201cexploiting\u201d devices used to \u201cstore, manage, protect, or communicate data.\u201d<\/p>\n

\u2014 \u201cDevelop methods to discover and exploit communication systems employing public key cryptography\u201d and \u201ccommunications protected by passwords or pass phrases.\u201d<\/p>\n

\u2014 Exploit public key cryptography.<\/p>\n

\u2014 Exploit Virtual Private Networks, or VPNs, which allow people to browse the Internet with increased security and anonymity.<\/p>\n

The black budget also noted that the U.S. intelligence community partners with \u201cNational Laboratories\u201d to conduct the type of research presented at the CIA\u2019s annual Jamboree conference. It confirms the U.S. government\u2019s aggressive efforts to steal encryption and authentication keys, as occurred in the NSA and GCHQ operations against Gemalto<\/a>, the world\u2019s largest manufacturer of SIM cards, through the use of Computer Network Exploitation attacks. In that case, spy agencies penetrated Gemalto\u2019s internal networks and cyberstalked its employees to steal mass quantities of keys used to encrypt mobile phone communications.<\/p>\n

The CIA\u2019s Information Operations Center is currently the second largest<\/a> of the spy agency\u2019s specialized centers. It not only conducts cyber-ops, but has operated covertly in other nations, working to develop assets from targeted countries to assist in its cyber-surveillance programs, according to the Black Budget. At times, its personnel brief the president.<\/p>\n

\"U.S.<\/a>

U.S. President Barack Obama holds up an iPad.<\/p><\/div>\n

AT THE CIA\u2019s<\/strong> Jamboree in 2011, the computer researchers conducted workshops where they revealed the specifics of their efforts to attack one of the key privacy elements of Apple\u2019s mobile devices. These machines have two separate keys integrated into the silicon of their Apple-designed processors at the point of manufacture. The two, paired together, are used to encrypt data and software stored on iPhones and iPads. One, the User ID, is unique to an individual\u2019s phone, and is not retained by Apple. That key is vital to protecting an individual\u2019s data and \u2014 particularly on Apple\u2019s latest devices \u2014 difficult to steal. A second key, the Group ID, is known to Apple and is the same across multiple Apple devices that use the same processor. The GID is used to encrypt essential system software that runs on Apple\u2019s mobile devices.<\/p>\n

The focus of the security researchers, as described at the CIA conferences, was to target the GID key, which Apple implants on all devices that use the same processors. For instance, Apple\u2019s A4 processor was used in the iPhone 4, the iPod Touch and the original iPad. All of those devices used the same GID. As Apple designs new processors and faster devices that use those processors, the company creates new GIDs.\u00a0If someone has the same iPhone as her neighbor, they have the exact same GID key on their devices. So, if intelligence agencies extract the GID key, it means they have information useful to compromising any device containing that key.<\/p>\n

At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple\u2019s processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of \u2014 and the amount of power used by \u2014 the iPhone\u2019s processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a \u201cside channel\u201d attack. The second focused on a \u201cmethod to physically extract the GID key.\u201d<\/p>\n

Whatever method the CIA and its partners use, by extracting the GID \u2014 which is implanted on the processors of all Apple mobile devices \u2014 the CIA and its allies could be able to decrypt the firmware that runs on the iPhone and other mobile devices. This would allow them to seek out other security vulnerabilities to exploit. Taken together, the documents make clear that researching each new Apple processor and mobile device, and studying them for potential security flaws, is a priority for the CIA.<\/p>\n

According to the 2011 document describing the Jamboree presentations on Apple\u2019s processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. \u201cIf successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad.\u201d<\/p>\n

At the CIA conference in 2012, Sandia researchers delivered a presentation on Apple\u2019s A5 processor. The A5 is used in the iPhone 4s and iPad 2. But this time, it contained no abstract or other details, instructing those interested to contact a CIA official on his secure phone or email.<\/p>\n

\u201cIf I were Tim Cook, I\u2019d be furious,\u201d says the ACLU\u2019s Soghoian. \u201cIf Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words.\u201d<\/p>\n

\"Apple<\/a>

Apple CEO Tim Cook testifies on Capitol Hill in Washington, May 21, 2013.<\/p><\/div>\n

FOR YEARS<\/strong>, Apple has included encryption features in the products it sells to consumers. In 2014, the company dramatically broadened the types of data stored on iPhones that are encrypted, and it incorporated encryption by default into its desktop and laptop operating system. This resulted in criticism from leading law enforcement officials, including the FBI director. The encryption technology that Apple has built into its products \u2014 along with many other security features \u2014 is a virtual wall that separates cybercriminals and foreign governments from customer data. But now, because Apple claims it can no longer extract customer data stored on iPhones, because it is encrypted with a key the company does not know, the U.S. government can be locked out too \u2014 even with a search warrant. The FBI director and other U.S. officials have referred to the advent of the encryption era \u2014 where previously accessible data and communications may now be off limits because of the security technology protecting them \u2014 as \u201cgoing dark.\u201d<\/p>\n

In the face of this rising challenge to its surveillance capabilities, U.S. intelligence has spent considerable time and resources trying to find security vulnerabilities in Apple\u2019s encryption technology, and, more broadly, in its products, which can be leveraged to install surveillance software on iPhones and Macbooks. \u201cThe exploitation of security flaws is a high-priority area for the U.S. intelligence community, and such methods have only become more important as U.S. technology companies have built strong encryption into their products,\u201d says the ACLU\u2019s Soghoian.<\/p>\n

Microsoft has, for nearly a decade, included BitLocker, an encryption technology that protects data stored on a computer, in its Windows operating system. Unlike Apple, which made encryption available to all customers, Microsoft had included this feature only in its more expensive premium and professional versions of Windows, up until a few years ago. BitLocker is designed to work with a Trusted Platform Module, a special security chip included in some computers, which stores the encryption keys and also protects against unauthorized software modification.<\/p>\n

Also presented at the Jamboree were successes in the targeting of Microsoft\u2019s disk encryption technology, and the TPM chips that are used to store its encryption keys. Researchers at the CIA conference in 2010 boasted about the ability to extract the encryption keys used by BitLocker and thus decrypt private data stored on the computer. Because the TPM chip is used to protect the system from untrusted software, attacking it could allow the covert installation of malware onto the computer, which could be used to access otherwise encrypted communications and files of consumers. Microsoft declined to comment for this story.<\/p>\n

In the wake of the initial Snowden disclosures, Apple CEO Tim Cook has specifically denounced the U.S. government\u2019s efforts to compel companies to provide backdoor access to their users\u2019 data.<\/p>\n

\u201cI want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,\u201d Cook said last September in announcing Apple\u2019s new privacy policy. More recently, Cook said, \u201cNone of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn\u2019t give it up. We shouldn\u2019t give in to scare-mongering.\u201d<\/p>\n

As corporations increasingly integrate default encryption methods and companies like Apple incorporate their own indigenous encryption technologies into easy-to-use text, voice and video communication platforms, the U.S. and British governments are panicking. \u201cEncryption threatens to lead all of us to a very dark place,\u201d declared FBI Director James Comey in an October 2014 lecture at the Brookings Institution. Citing the recent moves by Apple to strengthen default encryption on its operating systems, and commitments by Google to incorporate such tools, Comey said, \u201cThis means the companies themselves won\u2019t be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within.\u201d<\/p>\n

Under current U.S. regulations, law enforcement agencies can get a court order to access communications channeled through major tech companies and wireless providers. But if those communications are encrypted through a process not accessible by any involved company, the data is essentially meaningless, garbled gibberish. \u201cIn a world in which data is encrypted, and the providers don\u2019t have the keys, suddenly, there is no one to go to when they have a warrant,\u201d says Soghoian. \u201cThat is, even if they get a court order, it doesn\u2019t help them. That is what is freaking them out.\u201d<\/p>\n

Comey alleged that \u201ceven a supercomputer would have difficulty with today\u2019s high-level encryption,\u201d meaning a \u201cbrute force\u201d attempt to decrypt intercepted communications would be ineffective, and, even if successful, time-consuming.<\/p>\n

\u201cEncryption isn\u2019t just a technical feature; it\u2019s a marketing pitch,\u201d Comey added. \u201cBut it will have very serious consequences for law enforcement and national security agencies at all levels. Sophisticated criminals will come to count on these means of evading detection. It\u2019s the equivalent of a closet that can\u2019t be opened. A safe that can\u2019t be cracked.\u201d<\/p>\n

A few months after Comey\u2019s remarks, Robert Litt, the general counsel for the Office of the Director of National Intelligence, also appeared at Brookings. \u201cOne of the many ways in which Snowden\u2019s leaks have damaged our national security is by driving a wedge between the government and providers and technology companies, so that some companies that formerly recognized that protecting our nation was a valuable and important public service now feel compelled to stand in opposition,\u201d Litt said. He appealed to corporations to embrace \u201ca solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.\u201d<\/p>\n

Green, the Johns Hopkins professor, argues that U.S. government attacks against the products of American companies will not just threaten privacy, but will ultimately harm the U.S. economy. \u201cU.S. tech companies have already suffered overseas due to foreign concerns about our products\u2019 security,\u201d he says. \u201cThe last thing any of us need is for the U.S. government to actively undermine our own technology industry.\u201d<\/p>\n

The U.S. government is certainly not alone in the war against secure communications. British Prime Minister David Cameron has suggested that if he is re-elected, he may seek to ban encrypted chat programs that do not provide backdoor access to law enforcement. \u201cAre we going to allow a means of communications which it simply isn\u2019t possible to read?\u201d Cameron said in a speech in England earlier this year. \u201cMy answer to that question is: \u2018No, we must not.\u2019\u201d<\/p>\n

When the Chinese government recently tried to force tech companies to install a backdoor in their products for use by Chinese intelligence agencies, the U.S. government denounced China. \u201cThis is something that I\u2019ve raised directly with President Xi,\u201d President Obama said in early March. \u201cWe have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.\u201d But China was actually following the U.S. government\u2019s lead. The FBI has called for an expansion of U.S. law, which would require Apple and its competitors to design their products so that all communications could be made available to government agencies. NSA officials have expressed similar sentiments.<\/p>\n

\u201cObama\u2019s comments were dripping with hypocrisy,\u201d says Trevor Timm, executive director of the Freedom of the Press Foundation. \u201cDon\u2019t get me wrong, his actual criticism of China for attempting to force tech companies to install backdoors was spot on \u2014 now if only he would apply what he said to his own government. Since he now knows backdooring encryption is a terrible policy that will damage cybersecurity, privacy, and the economy, why won\u2019t he order the FBI and NSA to stop pushing for it as well?\u201d<\/p>\n

_______________________________<\/p>\n

Andrew Fishman, Alleen Brown, Andrea Jones, Ryan Gallagher, Morgan Marquis-Boire, and Micah Lee contributed to this story.<\/em><\/p>\n

Documents published with this article:<\/em><\/p>\n