Right now, you can chat with a friend using a number of messaging apps — be they iMessage, Facebook Messenger or WhatsApp — and be confident that your conversation is completely encrypted from one end to the other, unable to be intercepted by third parties. But if some of President Donald Trump's top security officials have their way, that peace of mind will be a thing of the past.
The story comes by way of Politico, which reported last week that second-in-command officials of several U.S. government agencies convened at the White House for a National Security Council meeting.
The topic: whether to ask Congress for legislation that would force Apple, Facebook and the like to build a government backdoor into encrypted messaging technologies and partly resolve the "Going Dark" issue that has vexed law enforcement for more than a decade.
The so-called "Deputies Committee" has reportedly not yet decided how to broach the issue, according to Politico’s anonymous sources. Two plans apparently under consideration were to either directly request legislation from lawmakers, or to issue a general statement stating the council’s position on encryption.
Differing attitudes among government departments reflect the complexity of the issue. For many years, the FBI and Department of Justice have said that the encryption status quo needs to be demolished so that criminal investigations can be conducted effectively.
The Commerce and State Departments have been concerned about the national-security implications of forcing tech firms to utilize less-robust encryption methods that the U.S. government can break.
Politico reports that the Department of Homeland Security is "internally divided" on the issue. Its former head, Michael Chertoff, has publicly come out in favor of civilian use of strong encryption, along with Mike McConnell, a former head of the NSA.
MORE: Best Encrypted Messaging Apps
Should such a law pass, end-user privacy would likely be crippled as it would be easier for malicious parties, or foreign governments, to intercept individuals’ conversations through the backdoors intended for U.S. law enforcement.
On the flip side, criminals and terrorists might turn to lesser-known encrypted messaging apps like Telegram and Signal to discuss their plans. Telegram, already used by Islamic terrorists, is not a U.S. company, and Signal is an open-source project that anyone in the world can replicate. The U.S. could try banning both from American app stores, but that wouldn't stop Android users from side-loading the apps onto their phones.
The "Going Dark" issue has been bouncing around Washington since about 2005, when the FBI and DoJ began warning officials that they'd soon be unable to tap into communications or read encrypted stored data even with a warrant, a prediction that soon became true.
The administrations of George W. Bush and Barack Obama took no action on the issue, and congressional bills mandating government backdoors went nowhere. FBI Directors James Comey and Christopher Wray pleaded for it in vain, as did former U.S. Attorney General Loretta Lynch, but Silicon Valley has been resolutely opposed.
The National Security Council’s meeting last week represents the government’s first step toward restricting encryption since the December 2015 San Bernardino, California, terrorist attack and workplace shooting. The FBI asked for Apple’s help in accessing a locked iPhone used by one of the shooters, but Apple refused to comply because the company would have had to fundamentally undermine its own encryption standards.
The San Bernardino case was somewhat different from what the NSC Deputies Committee reportedly discussed last week, since the shooter's locked iPhone held encrypted stored data — "data at rest" in industry jargon. End-to-end encrypted messaging involves "data in motion," and cracking that may require different technological and legal methods.
Ultimately, the FBI was able to break into the iPhone without the company’s help and found nothing of significance. Apple responded by building a new security measure into iOS 11 the following year — USB Restricted Mode, which prevents iPhones from communicating with connected devices once they've been locked for a certain period of time.
USB Restricted Mode was designed to curtail tools like GrayKey, which are commonly used by law enforcement to break into authenticated iPhones when a password or PIN code isn't known.
It’s unclear where the encryption discussion will lead next. However, the security community within the government finally appears willing to force the issue again — so we'll likely be hearing more on this topic for months to come.