A secret National Security Council (NSC) "decision memo" shows that the government began ingratiating itself with the tech industry, and ordering its agencies to figure out how to circumvent encryption software and access private data in consumer devices, long before its privacy fight with Apple began, according to new reporting by Bloomberg.
During a meeting in late November, senior national security officials ordered agencies to develop encryption workarounds to address the issue of users encoding messages to keep them private from government surveillance, the memo shows. Those workarounds could include forcing Apple to develop its own software to help law enforcement, or recruiting government hackers to find and exploit previously unknown vulnerabilities.
The memo also instructed the agencies to identify laws that would require changing, or to estimate additional budgets to enable them to access the data.
"My guess is you could spend a few million dollars and get a capability against Android, spend a little more and get a capability against the iPhone," cyber security expert Jason Syverson told Bloomberg. "For under $10 million, you might have capabilities that will work across the board."
Other details from the memo reveal that the White House was seeking to establish a closer relationship with Silicon Valley, an effort that leaked into the public eye in January after top government officials held a private summit on encryption with the leaders of Apple, Microsoft, Dropbox, and other tech giants—after reportedly inviting them to discuss terrorism, a tactic that one attendee said felt like a "bait and switch."
The memo is revealed as the government now finds itself embroiled in an encryption battle with Apple, in what national security whistleblower Edward Snowden on Wednesday called "the most important tech case in a decade."
The company has been resisting the FBI's order to hack into an iPhone belonging to one of the suspected San Bernardino shooters, on the grounds that doing so would violate their users' privacy rights and enable a dangerous expansion of government authority. Security experts have warned that creating workarounds to encryption could lead to law enforcement agencies incorporating those tactics in criminal investigations that are unrelated to national security.
But the memo demonstrates how committed the White House is to accessing hidden data.
"My sense is that people have over-read what the White House has said on encryption," Robert Knape, a senior fellow at the Council of Foreign Relations and former White House Director of Cybersecurity Policy, told Bloomberg. "They said they wouldn’t seek to legislate ‘backdoors’ in these technologies. They didn’t say they wouldn’t try to access the data in other ways."
The memo is significant in other ways, too. Bloomberg reports:
A similar decision memo was used in the early years of the Iraq war to address the problem of Improvised Explosive Devices, which were then killing hundreds of U.S servicemen. The response ultimately led to new anti-IED technology and expanded intelligence capabilities to disrupt the cells building and planting the bombs.
National Security Council (NSC) spokesperson Mark Stroh released a statement in response to the reporting that read, "We should not preemptively conclude that technical and policy options to address this challenge are out of reach. While creating mechanisms for accessing encrypted information does create vulnerabilities, there may be technical and process steps that can be implemented to limit such risks."
Sources told Bloomberg that the memo was approved by the NSC, which typically includes the deputy attorney general, the vice chairman of the joint chiefs of staff, and the deputy national security adviser.