Is it possible that the “voice in the wilderness” in the encryption debate is echoing from none other than the head of the NSA? That appears to be the case, as NSA Director Admiral Mike Rogers opined last week that “encryption is foundational to the future,” in an address delivered to a Washington think tank. He then went even further, calling for stronger encryption rather than weakening it! He alluded to last year’s of the OPM (Office of Personnel Management) hack that compromised information on some 20 million employees as a reason for enhanced encryption, because there probably will be more such attacks. So, following his logic, the complex question then is how best to strengthen encryption, and what are the ramifications of doing that?
Roger’s stance is at odds with many in government law enforcement, notably FBI Director James Comey, who champion encryption that allows access by law enforcement officials. Most experts agree that there is no way to allow the good guys in without also letting the bad guys in. What’s more, at risk would be every internet transaction we make, from online banking to filling out our health records, to emailing our friends and significant others.
Rogers expanded on his balanced comments about privacy and security, or what he referred to as the “two imperatives,”
“Concerns about privacy have never been higher. Trying to get all those things right, to realize that it isn’t about one or the other. [I don’t think that] security is the imperative and that ought to drive everything. We’ve got to meet these two imperatives. We’ve got some challenging times ahead of us, folks.”
Comey, however, appears unmoved by Roger’s acknowledgement of privacy’s importance in the equation. As recently as a month ago, he argued that tech companies could comply with law enforcement without compromising privacy by ending end-to-end encryption. By making such a proposal, he only displays his naiveté for all to see. But after hearing both gentlemen’s comments, one gets the sense that this type of rope-a-dope is the old “good cop, bad cop” routine designed to divide privacy advocates and tech companies with their approach from different angles. This bears watching.
Wary of his legacy, which status his administration is rapidly approaching, President Obama has been playing both sides of the issue. The White House has abandoned its campaign for weaker encryption with a plea to tech firms to voluntarily meet law enforcement half-way. That he hasn’t endorsed stronger encryption has angered many in the Silicon Valley crowd. It’s almost like he’s letting his acolytes Comey and Rogers do the heavy-lifting and take the heat, while the White House characteristically remains above the fray. Some members of Congress have no compunction about passing laws allowing law enforcement access to encryption, as witnessed by bi-partisan legislation to be sponsored by Senators Feinstein (D-CA) and Burr (R-NC).
Rogers is joined in his opinion about maintaining strong encryption by two former NSA Directors, Hayden and McConnell. One reason they might be so generous in their defense of encryption is that the government agencies have other means of obtaining sought-after information without using backdoor encryption. Hacking is an example, and it can be employed before information ever gets to be encrypted. Perhaps, Messrs. Rogers, Hayden and McConnell can be so considerate with their comments because the NSA has an entire team of advanced hackers (possibly as many as 600) camped out at Fort Meade.
They reach out to potential recruits via elaborate camp programs while prospective candidates are still in school. This apparent inter-agency squabble over encryption might have more to do with pecking order in the budgetary process than a real difference of opinion on encryption. In other words, it’s the ol’ Potomac two-step. We’ll just have to wait to see how this plays out. For now, tech companies’ intransigence is winning out.