SAN FRANCISCO – Declaring that strong encryption is essential to the nation’s security, Defense Secretary Ash Carter told a tech industry audience Wednesday that he’s “not a believer in back doors,” or encryption programs that leave openings for outsiders to read coded files.
Carter said he wasn’t commenting on the FBI’s legal battle with Apple over an encrypted iPhone used by one of the mass shooters in San Bernardino, California. But his statement shows the complexity of the encryption debate at a time when the nation’s law enforcement establishment is feuding with tech companies over the use of encryption in consumer products.
Federal authorities want Apple’s help in bypassing iPhone security features so they can attempt to unlock the encrypted phone. Apple and other tech companies have objected, arguing that the government essentially wants Apple to create a back door that could make all iPhones vulnerable to hacking.
Carter was the third high-ranking Obama administration official to speak at the RSA computer security trade show in San Francisco this week, following NSA Director Mike Rogers and Attorney General Loretta Lynch. The administration is making a concerted effort to enlist the industry’s support and expertise on matters including cyber-security and countering violent extremists.
Responding to a question about the iPhone case, Carter told an on-stage interviewer that he couldn’t comment because “it’s a law enforcement matter.” But he went on to say that for the military, “data security is an absolute necessity for us. We’re foursquare behind strong data security and encryption.”
Carter drew applause from the audience when he added, “I’m not a believer in back doors or a single technical approach to what is a complex problem.”
While he did not elaborate, many tech experts say building a key or back door” into encryption software, enabling third parties to unlock an encrypted file, creates a vulnerability that can be exploited by others. FBI and police officials have argued that such keys could be closely held and only used for law enforcement.
Carter also cautioned against setting policy on the basis of one case. He urged government and industry collaboration to resolve data security issues, adding that it would be undesirable to have legislation “written by people who won’t have technical knowledge, maybe written in an atmosphere of anger or grief.”
Under Carter, the Pentagon has made several overtures to Silicon Valley: It’s opened an office in the region to cultivate relationships, and has begun recruiting tech professionals for short stints on Pentagon projects.
Taking an idea used by tech firms, the department this week launched a “Hack the Pentagon” program in which outside programmers are offered bounties for finding vulnerabilities in the department’s networks or software. Carter said the hackers will be pre-screened to ensure they are “white hats” and not malicious.
Separately, Carter said a new Defense Department tech advisory panel will be led by Eric Schmidt, executive chairman of Google parent Alphabet Inc.