Modern field guide to security and privacy

NSA chief admits risk in decrypting smartphone data

Adm. Mike Rogers has long posited that strong encryption on consumer devices hampers law enforcement and intelligence work. But on Thursday he acknowledged the possible security downside of one proposed way for the government to decrypt data on consumer devices.

Pablo Martinez Monsivais/AP
Director of the National Security Agency Adm. Mike Rogers testified before the Senate Intelligence Committee on Thursday.

National Security Agency Director Adm. Mike Rogers has been one of the loudest voices cautioning that the strong encryption that now comes standard on consumer devices including cellphones will make it harder to catch criminals and terrorists.

But in testimony to the Senate Intelligence Committee Thursday, Admiral Rogers admitted that one proposed way for law enforcement or intelligence officials to decrypt data on consumer devices could also pose a security risk by opening the door for bad actors to access the data.

When asked by Sen. Ron Wyden (D) of Oregon whether a plan that requires tech firms to create multiple encryption keys so that US officials can decrypt data also creates "more opportunities for malicious hackers or foreign hackers to get access to the keys," Rogers admitted that was a legitimate concern. 

"If you want to paint it very broadly, as a yes or a no," Rogers replied, "I would probably say yes."

In recent months, Rogers has called for a "front door" to access the encrypted data with multiple "big locks." According to The Washington Post, which also on Thursday revealed the technical options the Obama administration explored to allow officials to unlock encrypted communications, Rogers had proposed creating and storing multiple keys so that no one agency or organization could decrypt the data on its own.

So Rogers's public acknowledgement of the risks that come with this sort of split-key encryption is sure to be welcome news to many supporters of strong encryption on consumer devices. Many technologists and experts say that building in a channel for the US government to circumvent strong encryption is tantamount to a "back door" and can never be secure. 

Senator Wyden also seemed satisfied by Rogers's answer. "When there are multiple keys ... the good guys are not the only people with the keys," he said. "That creates more opportunities for the kinds of hacks and damaging conduct by malicious actors – and that makes your job harder."  

This issue also came up at a Passcode event earlier this month, when senior FBI and Justice Department officials said they support strong encryption in the private sector, but as Kiran Raj, the Justice Department’s senior counsel to the deputy attorney general, put it: "We don't want situations where there's warrant-proof encryption."

Since there's no one-size-fits-all solution, the companies should come up with a solution themselves, Mr. Raj said. "When we hear 'master key,' or 'golden backdoor,' we have to be clear no one is asking for that." 

But Jon Callas, chief technologist of encrypted communications company Silent Circle, pushed back: "You're not asking for the golden key – you're asking for the magic rainbow unicorn key." 

It's not possible to create a mechanism that gives only the "good guys" access to encrypted data while still maintaining device security, Mr. Callas said. "We are putting in the encryption to stop crime, precisely to stop espionage ... but now that we're doing it, we're being criticized for doing it."

 
