Obama Heads to Tech Security Talks Amid Tensions
Obama Heads to Tech Security Talks Amid Tensions
By DAVID E. SANGER and NICOLE PERLROTH FEB. 12, 2015
PALO ALTO, Calif. — President Obama will meet here on Friday with the nation’s top technologists on a host of cybersecurity issues and the threats posed by increasingly sophisticated hackers. But nowhere on the agenda is the real issue for the chief executives and tech company officials who will gather on the Stanford campus: the deepening estrangement between Silicon Valley and the government.
The long history of quiet cooperation between Washington and America’s top technology companies — first to win the Cold War, then to combat terrorism — was founded on the assumption of mutual interest. Edward J. Snowden’s revelations shattered that. Now, the Obama administration’s efforts to prevent companies from greatly strengthening encryption in commercial products like Apple’s iPhone and Google’s Android phones has set off a new battle, as the companies resist government efforts to make sure police and intelligence agencies can crack the systems.
And there is continuing tension over the government’s desire to stockpile flaws in software — known as zero days — to develop weapons that the United States can reserve for future use against adversaries.
President Obama is scheduled to meet with the leaders of top technology companies Friday at Stanford University in California. Credit Max Whittaker for The New York Times
“What has struck me is the enormous degree of hostility between Silicon Valley and the government,” said Herb Lin, who spent 20 years working on cyberissues at the National Academy of Sciences before moving to Stanford several months ago. “The relationship has been poisoned, and it’s not going to recover anytime soon.”
Mr. Obama’s cybersecurity coordinator, Michael Daniel, concedes there are tensions. American firms, he says, are increasingly concerned about international competitiveness, and that means making a very public show of their efforts to defeat American intelligence-gathering by installing newer, harder-to-break encryption systems and demonstrating their distance from the United States government.
The F.B.I., the intelligence agencies and David Cameron, the British prime minister, have all tried to stop Google, Apple and other companies from using encryption technology that the firms themselves cannot break into — meaning they cannot turn over emails or pictures, even if served with a court order. The firms have vociferously opposed government requests for such information as an intrusion on the privacy of their customers and a risk to their businesses.
“In some cases that is driving them to resistance to Washington,” Mr. Daniel said in an interview. “But it’s not that simple. In other cases, with what’s going on in China,” where Beijing is insisting that companies turn over the software that is their lifeblood, “they are very interested in getting Washington’s help.”
Mr. Daniel’s reference was to Silicon Valley’s argument that keeping a key to unlocking terrorists’ secret communications, as the government wants them to do, may sound reasonable in theory, but in fact would create an opening for others. It would also create a precedent that the Chinese, among others, could adopt to ensure they can get into American communications, especially as companies like Alibaba, the Chinese Internet giant, become a larger force in the American market.
“A stupid approach,” is the assessment of one technology executive who will be seeing Mr. Obama on Friday, and who asked to speak anonymously.
That tension — between companies’ insistence that they cannot install “back doors” or provide “keys” giving access to law enforcement or intelligence agencies and their desire for Washington’s protection from foreign nations seeking to exploit those same products — will be the subtext of the meeting.
That is hardly the only point of contention. A year after Mr. Obama announced that the government would get out of the business of maintaining a huge database of every call made inside the United States, but would instead ask the nation’s telecommunications companies to store that data in case the government needs it, the companies are slow-walking the effort.
They will not take on the job of “bulk collection” of the nation’s communications, they say, unless Congress forces them to. And some executives whisper it will be at a price that may make the National Security Administration’s once-secret program look like a bargain.
The stated purpose of Friday’s meeting is trying to prevent the kinds of hackings that have struck millions of credit card holders at Home Depot and Target. A similar breach revealed the names, Social Security numbers and other information of about 80 million people insured by Anthem, the nation’s second-largest health insurer.
Mr. Obama has made online security a major theme, making the case in his State of the Union address that the huge increase in attacks during his presidency called for far greater protection. Lisa Monaco, Mr. Obama’s homeland security adviser, said this week that attacks have increased fivefold since the president came to office; some, like the Sony Pictures attack, had a clear political agenda.
The image of Kim Jong-un, the North Korean leader, shown in the Sony Pictures comedy “The Interview” has been emblazoned in the minds of those who downloaded the film. But the one fixed in the minds of many Silicon Valley executives is the image revealed in photographs and documents released from the Snowden trove of N.S.A. employees slicing open a box containing a Cisco Systems server and placing “beacons” in it that could tap into a foreign computer network. Or the reports of how the N.S.A. intercepted email traffic moving between Google and Yahoo servers.
“The government is realizing they can’t just blow into town and let bygones be bygones,” Eric Grosse, Google’s vice president of security and privacy, said in an interview. “Our business depends on trust. If you lose it, it takes years to regain.”
When it comes to matters of security, Mr. Grosse said, “Their mission is clearly different than ours. It’s a source of continuing tension. It’s not like if they just wait, it will go away.”
And while Silicon Valley executives have made a very public argument over encryption, they have been fuming quietly over the government’s use of zero-day flaws. Intelligence agencies are intent on finding or buying information about those flaws in widely used hardware and software, and information about the flaws often sells for hundreds of thousands of dollars on the black market. N.S.A. keeps a potent stockpile, without revealing the flaws to manufacturers.
Companies like Google, Facebook, Microsoft and Twitter are fighting back by paying “bug bounties” to friendly hackers who alert them to serious bugs in their systems so they can be fixed. And last July, Google took the effort to another level. That month, Mr. Grosse began recruiting some of the world’s best bug hunters to track down and neuter the very bugs that intelligence agencies and military contractors have been paying top dollar for to add to their arsenals.
They called the effort “Project Zero,” Mr. Grosse says, because the ultimate goal is to bring the number of bugs down to zero. He said that “Project Zero” would never get the number of bugs down to zero “but we’re going to get close.”
The White House is expected to make a series of decisions on encryption in the coming weeks. Silicon Valley executives say encrypting their products has long been a priority, even before the revelations by Mr. Snowden, the former N.S.A. analyst, about N.S.A.’s surveillance, and they have no plans to slow down.
In an interview last month, Timothy D. Cook, Apple’s chief executive, said the N.S.A. “would have to cart us out in a box” before the company would provide the government a back door to its products. Apple recently began encrypting phones and tablets using a scheme that would force the government to go directly to the user for their information. And intelligence agencies are bracing for another wave of encryption.