The NSA has finally asked for a backdoor to decrypt consumers' protected data.
Mike Rogers, assuming command of the NSA (pictured right) Image: NSA
So far, we know that the Justice Department, the FBI, and President Obama have said that law enforcement should be allowed to break into consumers' encrypted data with a warrant. Now, we can add the NSA to the list.
NSA Director Mike Rogers said today that he "shares [FBI] Director [James] Comey's concern" about losing intelligence capabilities thanks to default encryption built into iPhones and Android cell phones. The NSA had largely stayed out of the debate until Monday, when Rogers spoke at the New America Foundation's cybersecurity event in Washington, DC.
"I'm perplexed. Most of the debate I've seen is, [encryption] is all or nothing," Rogers said. "If I have an indication to believe a phone is being used for criminal activities, can't there be a legal framework for how we'd access the data on that phone?"
There are two ways to read Rogers's comments: The director of the world's most powerful intelligence agency either fundamentally doesn't understand how encryption works, or he merely pretended, for an hour, to not understand why opening up encryption to third parties would fundamentally destroy it.
At this point, the flaw in creating a "golden key" for law enforcement or intelligence agencies to decrypt data on someone's phone or computer is well trod territory. The thinking is, if you create a vulnerability that can be exploited by the NSA or FBI, then other third parties or governments will eventually be able to crack that vulnerability, destroying encryption entirely.
At the event, this argument was immediately brought up to Rogers by security expert Bruce Schneier, one of the nation's most-respected voices on cryptography. Schneier has written more than a dozen books on the subject.
"It's a technological question, not a legal question, which is what makes it hard," Schneier said.
Rogers refused to accept this explanation and said he thinks that it would be possible to make it possible only for the NSA and FBI to decrypt data, under certain circumstances decided by some sort of independent court.
"I've got a lot of world-class cryptographers at the NSA," he said. "My position is that this is technically feasible. It needs to be done within a framework. You don't want the FBI and NSA unilaterally deciding what we are going to access, I just believe this is achievable. We just have to work our way through it."
That, more or less, has been the position the Justice Department and the FBI have taken, but it's one that's not widely shared in the security community.
Rogers also refused to comment on whether or not the NSA has hacked hard drive firmware or cell phone SIM cards, two recent allegations against the agency.
"I've listened to these allegations for some period of time, and they're not unique," he said. "My perspective is, even as we try to have this dialogue [about privacy], how do I try to strike the right balance between engaging in that dialogue and realizing that compromising this provides insight to those we're trying to generate knowledge of?"
"I don't have time to respond to every allegation and continue doing our mission," he added.