The Director of the National Security Agency repeated a dubious claim, previously made by one of the nation’s top law enforcement officers, boasting that American security services can crack a type of increasingly popular encryption without completely undermining the privacy-preserving technique.
Speaking at an event hosted by the New America Foundation on Monday, Adm. Mike Rogers was bombarded with questions about new encrypted technology, recently offered by mainstream tech companies like Apple and Google.
“Most of the debate that I’ve seen has been it’s all or nothing. It’s either total encryption or no encryption at all,” Rogers said, proffering an alternative that preserves encryption, but also creates a “legal framework” that allows law enforcement to have access to encrypted communications when criminal activity by its users is suspected.
Rogers joins other administration officials who’ve raised concerns about encrypted technology that hand the power to decrypt to the user, leaving neither the company nor law enforcement authorities the ability to peer inside.
Late last year, while speaking at the Brookings Institute, FBI Director James Comey warned, “encryption threatens to lead us all to a very, very dark place.”
On Monday, Rogers said he broadly agreed with the FBI Director.
“If these are the paths that criminals, foreign actors, terrorist are going to use to communicate, how do we access that?” he asked, citing the need for a “formalized process” to break through encrypted technology.
Rogers pointed toward cooperation between tech companies and law enforcement to combat child pornography. “We have shown in other areas that through both technology, a legal framework, and social compact that we have been able to take on tough issues. I think we can do the same thing here.”
But others in attendance at the forum challenged the NSA chief, saying that what he is proposing is impossible.
“It’s not the legal framework that’s hard, it’s the technical framework. That’s why it’s all or nothing,” said renowned computer security expert, Bruce Schneier, who pointedly asked Rogers if the NSA was stealing encryption keys belonging to US tech companies, as has been alleged in news reports based on documents provided by former NSA contractor Edward Snowden. Rogers denied the allegation.
Alex Stamos, Yahoo’s Chief Information Security Office further challenged Rogers. “All of the best public cryptographers in the word would agree that you can’t really drill backdoors into crypto – it’s like drilling a hole in windshield,” he said.
“I’ve got a lot of world-class cryptographers at the National Security Agency,” Rogers jabbed back. But when confronted with the further consequences of handing decryption keys to the government, Rogers flailed.
“If we’re going to build defects-slash-backdoors or golden master keys for the us government…do you believe we should build backdoors for other countries?” asked Stamos, noting that Yahoo has 1.3 billion users around the world, “Should we do so for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government?”
“I think this is technically feasible,” Rogers said, deflecting the question. “I just believe that this is achievable. We’ll have to work our way through it. I am the first to acknowledge there are international implications to all of this. I think we can work our way through this.”
“So you do believe that we should build those [backdoors] for other countries?” asked Stamos again.
“I said I think we can work our way through this,” Rogers responded, inspiring little confidence that the man entrusted with keeping the nation’s cyberspace secure has thoroughly studied the issue.
Last year, when FBI Director Comey was asked what a backdoor to encryption for law enforcement would look like, he, too, seemed over his head. “I don’t think I’m smart enough to give you a highly reliable answer there,” Comey said.
Christopher Soghoian, the principal technologist at the ACLU, took to Twitter to respond to the lack of coherence coming from both the law enforcement and intelligence communities.
“That the FBI Director believes in secure golden keys is regrettable. That the NSA Director believes in them is inexcusable,” he tweeted.
There have been a number of reports over the past year-and-a -half based on Snowden documents alleging that the NSA is actively trying to weaken encryption standards, and developing quantum computing capabilities to break encrypted cybersecurity defenses.
