The National Security Agency (NSA) has a solution to public concerns over privacy invasions: Ask tech companies to create a master key that lets spy agencies access encrypted data directly rather than sneaking in through the back door.
In a speech at Princeton University, NSA head Adm. Michael Rogers outlined a proposal that would still give the agency access to user data from companies such as Google and Facebook, but in a less covert manner, The Washington Post reported.
“I don’t want a back door,” Rogers said. “I want a front door. And I want the front door to have multiple locks. Big locks.”
The proposal comes in response to the years-long debate pitting consumer privacy against law enforcement agency’s interest in accessing encrypted data from mobile devices and tech companies for criminal investigations.
The 2013 NSA document leaks revealed the agency required tech companies such as Apple and Microsoft to give it unfettered access to encrypted user data. Since the leaks, companies including Apple and Google have worked to boost privacy measures and encryption on both their mobile devices and online services such as email.
Mounting public outrage and criticism from the tech industry and privacy advocates over the NSA’s backdoor surveillance methods led Rogers, the agency’s director, to offer a compromise. In his speech, Rogers suggested a split-key approach, where tech companies and intelligence agencies would each be allocated part of an encryption key that are recombined to access user data only when acting on a court order or in emergency situations. The keys would be destroyed after use.
The White House is also considering an option that takes the key away from the NSA and gives them to a third party for safe keeping. According to the Post:
One possibility, for example, might have a judge direct a company to set up a mirror account so that law enforcement conducting a criminal investigation is able to read text messages shortly after they have been sent. For encrypted photos, the judge might order the company to back up the suspect’s data to a company server when the phone is on and the data is unencrypted.
White House officials are working to finalize a report with numerous proposals to strike a balance between increased encryption use among consumers for privacy ensure and law enforcement’s desire to access data with few hurdles. The report, which is projected to be released in April, and the NSA’s proposal come weeks ahead of the expiration of certain sections of the Patriot Act that give the NSA and other spy agencies their surveillance power.
Section 215 of the Patriot Act, which governs the NSA’s controversial program for bulk collection of telephony metadata, is the most notable part of the law that will sunset June 1 without action from Congress or the president. Lesser known provisions Section 206 and the “lone wolf provision,” which respectively allow law enforcement to put wiretaps on phone lines, mobile devices or internet connections of a suspect without identifying them, and survey non-U.S. citizens for suspected terrorism even if they don’t have ties to a known terrorist group, will also expire in June.
Previous bills to repeal or cripple the spy agencies’ surveillance power, particularly the USA Freedom Act, have failed in Congress. Additionally, sections of the Patriot Act that should have expired have been extended over the years. With the latest expiration date looming, members in the U.S. House of Representatives introduced a bipartisan bill that, if passed, would repeal the Patriot Act and Executive Order 12333 entirely and put legal limitations on intelligence agencies.
But without such legislative action, even letting sections of the Patriot Act to expire wouldn’t curtail the NSA’s use of the controversial programs. The secret court that authorizes the spy agency’s programs gave the NSA permission to keep using the metadata program as long as it could make a case for using it. The president could also override programs’ expiration with an executive order.