National Security Agency Director Adm. Mike Rogers said Thursday that “encryption is foundational to the future,” and arguing about it is a waste of time.
Speaking to the Atlantic Council, a Washington, D.C., think tank, Rogers stressed that the cybersecurity battles the U.S. is destined to fight call for more widespread use of encryption, not less. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack of the Office of Personnel Management involving the personal data about 20 million people who have gotten background checks.
“So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” he said, shaking his head.
“So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Other government officials — most notably FBI Director James Comey — have been crusading for a way that law enforcement can get access to encrypted data.
But technologists pretty much universally agree that creating some sort of special third-party access would weaken encryption to the point that it would threaten every internet transaction we make, from online banking to filling out our health records to emailing our friends and significant others. A hole in encryption for special FBI access would be a hole that criminals could sneak through, too.
While there’s been a lot of talk about giving up some privacy for security, Rogers said both are paramount.
“Concerns about privacy have never been higher. Trying to get all those things right, to realize that — it isn’t about one or the other,” he said. He does not think that “security is the imperative and that ought to drive everything.” Nor should privacy, he continued. “We’ve got to meet these two imperatives. We’ve got some challenging times ahead of us, folks.”
Comey, who formerly advocated for a way to get law enforcement access without weakening encryption, recently switched tactics. Now he is pressuring companies to change their business models and simply not offer true end-to-end encryption to their customers.
The White House has decided not to pursue legislation to outlaw unbreakable end-to-end encryption, following pressure from privacy advocates and scientists. But the intelligence community’s top lawyer, Bob Litt, privately advised the administration that a major terrorist attack could be an opportune moment to do so.
And the White House has not issued a statement in defense of encryption, to the frustration of Apple CEO Tim Cook, among others.
Meanwhile, Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., are reportedly planning their own proposed legislation to require law enforcement access.
Rogers’ comments could indicate a split on this issue between the intelligence community and domestic law enforcement.
A former NSA director, Michael Hayden, said in January that he thinks Comey is on the wrong side of this debate. “I disagree with Jim Comey. I actually think end-to-end encryption is good for America,” he said.
Hayden has also spoken about how U.S. intelligence agencies have figured out how to get the information they need without weakening encryption — such as using metadata, which shows who is contacting whom. Another former NSA boss, Mike McConnell, has also spoken out against trying to install backdoors in encryption.
Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.
Watch Rogers’ talk here:
Top photo: NSA Director Adm. Michael Rogers.