Slashdot Mirror


NSA Director Wants Legal Right To Snoop On Encrypted Data

jfruh writes: This may not come as a huge shock, but the director of the NSA doesn't believe that you have the right to encrypt your data in a way that the government can't access it. At a cybersecurity policy event, Michael Rogers said that the U.S. should be able to craft a policy that allows the NSA and law enforcement agencies to read encrypted data when they need to.

2 of 406 comments (clear)

  1. Actually, ADM Rogers doesn't "want" that at all by daveschroeder · · Score: -1, Flamebait

    What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.

    If you actually care about our system of government, or that of any Western governments, then you would support that, too.

    If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?

    Oops...now the the fact is that US adversaries no longer are using their own custom software/hardware/encryption/etc. and now share the same technologies that Americans and the rest of the world use does not magically place these technologies off-limits for exploitation or targeting. It would turn modern intelligence gathering -- yes, of even free nations -- on its head.

    The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability. That these constraints are erroneously believed to not be effective, or that the press and public willfully misunderstand the legal landscape alongside the big picture of SIGINT in the digital age, does not mean the constraints don't exist. The level of constraint on our activities, even activities conducted with respect to non-US Persons exclusively outside the US, rises to a level that I can only compare to a bad joke. An even worse joke is when people believe NSA is operating rouge, with virtually no constraints or oversight (at least any meaningful oversight), juxtaposed with the reality we work in every day.

    If we're essentially saying that it was only okay for the US and our allies to, for example, break the German or Japanese codes during WWII simply because Americans weren't also using the same codes, and therefore that is the only reason that the government could be "trusted" to not misbehave or abuse its powers, then we have a serious problem on our hands.

    So, take your message content and apply that to yourself. Thanks!

    1. Re:Actually, ADM Rogers doesn't "want" that at all by daveschroeder · · Score: 1, Flamebait

      Yes, where to even begin...

      Do you realize that over 70% of FOREIGN internet traffic enters, traverses, or otherwise touches the US?

      Do you understand that an individualized warrant is required to target, collect, store, analyze, or disseminate the communications content of a US Person anywhere on the globe, and that the current law on the issue is stronger and more restrictive with regard to US Persons than it has ever been?

      Do you understand that the FOREIGN communications we are going after are now intermixed with the communications of the rest of the world, including that of Americans?

      Do you understand that when terrorists use Gmail, Facebook, Yahoo, WhatsApp, Hotmail, Twitter, Skype, etc. etc. etc., or Windows, or Dell computers, or Android phones, or Cisco routers, and so on, that there is no technical distinction between your communications and theirs, yet -- surprise -- we still would like to access those communications, and have legal, policy, and technical frameworks to do so, even if you have not personally inspected them yourself?

      If you are a US citizen, and not covered by any warrant, no one cares about your communications. And almost by definition, no foreign intelligence agency (NSA, CIA, DIA) remotely gives a shit about your communications, and would greatly prefer to avoid it altogether, unless you have some kind of connection with foreign intelligence targets -- in which case any collection or monitoring of your communications would require an individualized warrant from FISC or another court of competent jurisdiction. I realize you think this isn't the case, and that all of your communications are being mined and monitored (illegally, no less), and since proving a negative is impossible, I won't be able to help in that regard.