Slashdot Mirror


NSA Director Wants Legal Right To Snoop On Encrypted Data

jfruh writes: This may not come as a huge shock, but the director of the NSA doesn't believe that you have the right to encrypt your data in a way that the government can't access it. At a cybersecurity policy event, Michael Rogers said that the U.S. should be able to craft a policy that allows the NSA and law enforcement agencies to read encrypted data when they need to.

2 of 406 comments (clear)

  1. The NSA wants right to snoop on encryted data? by Anonymous Coward · · Score: 5, Interesting

    Okay, if we receive the legal right to snoop on the NSA. Fair trade.

  2. Re:Actually, ADM Rogers doesn't "want" that at all by gclef · · Score: 5, Interesting

    There are multiple problems with your statement. Lets look at them all, shall we:

    What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law

    No. The trigger for this isn't that companies are holding data...it's that users have data, and the NSA wants to force the companies to keep/get access their users data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its user's data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.

    If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data

    Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.

    then I would ask what you think about the German and Japanese codes in WWII?

    Attacking RSA/DSA/AES/etc is the NSA's job. If they can do that, fine. Deliberately weakening an existing system to make it *easier* for them to do those attacks isn't our job, or our problem. If they want to beat their heads against AES, go for it. But that's not a valid reason for country-wide key escrow.

    Lastly, on the specialness of America: Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional.