The leaders controlling the US surveillance apparatus can’t agree on encryption. FBI Director Comey has characterised it as a safe haven for evil-doers. A high-ranking Department of Justice official insisted that encryption could cause a child to die. Meanwhile, the US National Security Agency’s leaders are extremely chill about encryption — which is pretty alarming.
“Encryption is foundational to the future,” NSA Director Adm. Mike Rogers said in a speech today. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” he continued.
That sounds nice and reasonable, right? Rogers isn’t going on a rogue stand for privacy, though. He’s maintaining a status quo. NSA Directors haven’t really given a shit about encryption for a while. And while it’s less annoying than Comey’s fear-mongering, the NSA’s relaxed attitude could be worth treating with suspicion.
Rogers’ remarks echo the sentiments of his predecessor, Michael Hayden, who supports end-to-end phone encryption. You may remember Hayden — he was in charge during the Snowden leaks. He’s the guy who said “We kill people based on metadata.”
As The Intercept pointed out, there’s a reason NSA leaders aren’t worried about encryption. They can operate an extensive surveillance program just fine with it!
Hayden has also spoken about how U.S. intelligence agencies have figured out how to get the information they need without weakening encryption — such as using metadata, which shows who is contacting whom. Another former NSA boss, Mike McConnell, has also spoken out against trying to install backdoors in encryption.
Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.
If Comey gets his way, phones and computers of citizens of the US and beyong will be less secure, because bad actors will figure out a way to exploit whatever flawed “good guys only” security holes are created for law enforcement. But this is a reminder that government officials who aren’t fussed about encryption aren’t necessarily privacy crusaders.
Some security bloggers have a dark interpretation of the NSA’s attitude towards encryption. The theory: Maybe they don’t care about a magical overhaul because they already know how to break commonly-used cryptography.
As the Freedom to Tinker blog at Princeton University’s Center for Information Policy Freedom noted, the Snowden documents revealed that the NSA is heavily invested in breaking encryption:
NSA could afford such an investment. The 2013 “black budget” request, leaked as part of the Snowden cache, states that NSA has prioritized “investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic.” It shows that the agency’s budget is on the order of $10 billion a year, with over $1 billion dedicated to computer network exploitation, and several subprograms in the hundreds of millions a year.
When the man running the most notoriously over-reaching intelligence agency in this century says he thinks it’s a waste of time to argue for a special government way to access private information, it’s time to seriously consider the possibility that he already knows how to easily access that information. [The Intercept]