NSA Chief: Arguing Against Encryption Is a Waste of Time

An anonymous reader writes: On Thursday, NSA director Mike Rogers said, "encryption is foundational to the future." He added that it was a waste of time to argue that encryption is bad or that we ought to do away with it. Rogers is taking a stance in opposition to many other government officials, like FBI director James Comey. Rogers further said that neither security nor privacy should be the imperative that drives everything else. He said, "We've got to meet these two imperatives. We've got some challenging times ahead of us, folks."

Translation

[NotDrWho]

The NSA has backdoors.

Re:Translation

[sinij]

The NSA has backdoors.

Cloak and dagger backdoor is preferable to legislated backdoor. With NSA-style backdoors you could find and fix them and having them is not certainty. Also, totalitarian government won't have much success demanding NSA allow them to use these.

While I'd rather not have any backdoors, to choose between two evils I'd take my chances with NSA.

Re:Translation

[shawn2772]

The NSA has backdoors.

Some, I'm sure. But the NSA cannot count on always having back doors, and this argument wouldn't make sense from that perspective unless Rogers could be certain that it always will.

No, hard as it may be to believe, I think the real situation here is that the NSA director is not an idiot, and does actually care at least a little about the "secure US communications" part of the NSA's two-fold mission. He realizes that strong encryption is absolutely essential to the future, even though it creates some obstacles for the "break everyone else's communications" side of the NSA's mission.

Though I also have no doubt that the obstacles it creates aren't nearly as large as we'd all like them to be, because there will always be lots of vulnerabilities.

Re:Translation

[NatasRevol]

They've already legally gotten around needing a warrant.

FISA/Patriot act/whatever. They're not going back now.

Which also means that they don't need to abide by the 4th amendment.

And it was, to paraphrase Star Wars, done to a standing ovation.

Re:Translation

[myowntrueself]

Hey you fucking idiot.

Enemies are different than citizens.

You clearly don't work for a government

Re:Translation

[JoeMerchant]

Whatever backdoors are present, they are irrelevant if the payload being transferred is itself strong encrypted.

Re:Translation

See as a tax paying American citizen I say they can, to paraphrase Star Wars, pass a law to a standing ovation that blatantly violates key elements of previously written law (while being silent as if it does not), but that doesn't mean its 'legal'.

In fact, regardless of what the un-elected justices have to say about the matter, as a citizen as far as I'm concerned the FISA/Patriot act/whatevers are themselves illegal.

And they DO need to abide by the 4th amendment.

And if they DONT want to abide by the 4th amendment then they'd better hurry up and collect all the guns because the fact that the 2nd amendment comes before the 4th amendment and after the 1st amendment seems to be no coincidence to me.

Amendments 1 through 5 are very clear:

1) I can say what I want
2) I can exercise self defense
3) keep your soldiers out of my life
4) keep your spies out of my life
5) keep your lawyers out of my life

Given the historical context they can be summed up as:
"Get off my lawn, government"

So if tyrants wish to violate previously written law, even if they do it unanimously in fashion of standing ovation, it is still illegal. It goes against the nature of the foundations of this nation and its basic laws. It goes against the very context and reasoning of why the constitution was written and why it was written the way it is.

Also since I'm at it, our president may be an expert on the constitution, but I do not think he is using that expert knowledge to enforce it. I think he is using that expert knowledge to subvert it. That is the fallacy behind 'I'm a constitutional professor' or whatever he has claimed and his crones have peddled.

Re:Translation

[NatasRevol]

And just how do you propose to :

Repeal laws that are illegal.

While not being able to vote out the incumbent *system* of $ for votes.
While the supreme court basically agrees with how things are being governed.

Re:Translation

[tsqr]

"the United States Constitution prohibits unreasonable searches and seizures"

Yes, it does. Unreasonable searches and seizures are those executed either without a warrant, without consent, or without a combination of probable cause and exigent circumstances. Furthermore, "no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

So no, the founders didn't accidentally put that clause in there. They also didn't put it in there for the purpose you seem to be proposing.

So basically,

[gcnaddict]

It doesn't matter if you use any variety of encrypted messaging products (imessage, cyph, silent phone, signal, etc.), we've got a backdoor for it already.

The only challenge is in justifying using it after the fact.

translation

[Noah+Haders]

"We've already cracked everything, any encrypted data is clear as water for us; let's not make a big fuss so people just stay with what they've been doing. Keep cool, people."

Dose of common sense.

[jellomizer]

The fact that software can be made (and made well) by amateurs. So such regulations saying that software shouldn't have encryption means outside sources will still make it. This will only put the big companies into a disadvantage as they wouldn't be able to make secure solutions to their system.

Re:Dose of common sense.

[Jason+Levine]

We"re also living in a global market. Let's say the US banned strong encryption tomorrow. What's to stop someone in another country from posting the source code to a strong encryption scheme? How would you prevent people from downloading and using this? You'd need to implement a "Great US Firewall" and filter all encryption-related sites. Even if you were able to do this, all you'd wind up doing is making US businesses less secure than foreign businesses. More US business hackings would leave the (valid) impression that you should trust foreign companies over US-based ones and the economy would suffer.

Encryption opponents like to pretend like they can just have Congress pass a law and all that pesky encryption will vanish with no consequences. In reality, banning encryption would create a horrible mess for businesses and consumers.

Re:Dose of common sense.

[Just+Some+Guy]

We"re also living in a global market. Let's say the US banned strong encryption tomorrow.

Stop at that point and rephrase those together as "let's say the US only allows export of hardware that the US government can snoop on". Forget everything else, because our economy would be dead as every other nation would universal ban the import of our products.

When a person in power says they want to ban strong encryption, reply by asking why they're working to destroy our economy.

Re:Job is forfeit.

[bluelip]

Nah, they just have all methods of encryption broken.

Refreshing

It's refreshing to hear someone address this issue with a little sanity. However, I still don't trust any three letter agency.

Re:Refreshing

[JazzLad]

I trust NASA, so maybe :)

Reverse psychology

[Nidi62]

I see what he did there. Because so many people are speaking out against everything the NSA is doing, he's trying to trick us. He knows if he comes out and says encryption is good, everyone else will shout back "no, we don't need encryption!". This will then allow the NSA to say "Ok, we will listen to you, no encryption for anyone!".

He's a genius, he's pulling the classic Bugs Bunny/Daffy Duck Hunting Season trick on us.

Re:Reverse psychology

[FlyHelicopters]

DUCK Season!!!

WABBIT Season!!!

Re:Job is forfeit.

[Ravaldy]

Neither, he's a smart individual that took the time to look at the landscape and him speaking about it in the public tells me he's already convinced the people above him.

Re:Please ignore what they say.

[fustakrakich]

Liar's paradox

SA Chief: Arguing Against...

[sdinfoserv]

...civil liberties, freedom, the 4th Amendment, and the 5th Amendment is a waste of time.

"We have some challenging times ahead of us"

Bullshit. Crime rates have never been lower. The chance of being injured or killed by terrorism is vanishingly small and comparable to a lightning strike. The advantages of secure communication far outweigh any potential aid it gives to criminals. The only challenge here: a government organisation trying desperately to preserve itself and its budget in the face of increasing scruitny and irrelevance.

Re:"We have some challenging times ahead of us"

[110010001000]

Well "we" means the NSA in his statement. So you are right.

Re:"We have some challenging times ahead of us"

[bigfinger76]

Maybe because terrorists represent a vanishingly small percentage of the overall population. In other words, they're not everywhere and out to get you. Tiger-repellant rocks, anyone?

Re:Please ignore what they say.

[gurps_npc]

So true. Guy stands up and says something we agree with and we all yell at him "He must be UP TO SOMETHING!"

People need to shut up and say thank you when you win - even if it's just a small battle of your opponent saying "It's not worth arguing against them"

Re:Job is forfeit.

[Hognoxious]

Could be a good time to invest in companies that make $5 wrenches.

Common sense from a surprising direction

[kheldan]

Someone like that is the last person I'd expect to bust out with a public statement like that, but at least on the surface it makes me feel a little better that not everyone in the government is as dumb as a doorknob.

Re:A waste of time?

[Opportunist]

Typical argument from someone who doesn't understand what encryption is about and how it works. It's the same shit as "Oh, against a determined hacker you cannot fortify your system". Yes you can. But I digress.

The mathematics behind cryptography tell us that, provided there are no side channels, unknown flaws in the algorithm or implementation errors, these keys are for the foreseeable future unbreakable. With perfect forward secrecy we even have the ability to ensure that even if they manage to break one communication key, no other communications are compromised. Even with all the computing power currently available on the planet breaking such an encryption would take thousands of years, and with a little more complexity we're at the level of "longer than the universe probably is going to exist".

All this of course as long as the algorithm is solid and implementations are flawless. We have noticed that the latter is often not true, and even the former has been shown to not be the case all the time. Yes, it is possible that some TLAs do have certain information about such flaws. But as far as we know the current encryption systems are solid and safe.

Re:Job is forfeit.

[JoeMerchant]

It's a realist approach: "If guns are outlawed, only outlaws will have guns." kind of logic, and it's perfectly sound.

They can try to keep it out of mainstream consumer electronics, but there's too much "DIY" capability in the world to keep strong cryptography contained.

It reminds me of the early mp3.com days - the genie has long since left the bottle, doesn't matter if you saw it coming or not, it has happened. Now, you'll have to deal with it. Attempting to recapture the genie is a fool's errand.

Re: Job is forfeit.

[rickb928]

The NSA knows that it you try to limit functional encryption to certain uses, you will fail.

The good stuff still be found and used by the criminals, and nothing is gained.

Re:No challenging time at all

[FlyHelicopters]

We are continually moving towards more and more peaceful times. We are coming to the end, though it may still take 100s or 1000s of years, of the primitive aggressive parts of our brains running our society. We are still a primitive, young society, but we are so much better than any generation in the past.

Many young people have said this MANY times over the years, they have all been wrong.

But don't worry, I'm sure it must be right THIS time.

Human nature hasn't really changed, we still use violence to resolve our disputes.

Re:Job is forfeit.

[flopsquad]

It's the triple back burner reverse reverse psychology gambit. It goes like this:

a) Only a fool will believe that anything about breaking encryption is "challenging" for the NSA. (That, and get involved in a land war in Asia.)

b) A savvy skeptic will take this whole "yeah you should use encryption but gee it makes things difficult" charade as a sign that NSA has encryption pwned six ways from Sunday, resigning themselves to using whatever's good enough to at least prevent parties != NSA from sniffing their bits.

c) The NSA doesn't actually have encryption pwned, but is counting on b)'s resignation and a)'s inexperience/disinterest to keep the status quo, which really is challenging but not as bad as it would be if encryption became both stronger and more widely adopted.

He also Made that Point on Cyber Hygiene

[Koreantoast]

Admiral Rogers also made that point too - that 80% of the government's cybersecurity problems would be solved if he could get military personnel to treat "cyber hygiene" the same way that they manage rifles, artillery and other kinetic weapons.

Be...cause...

[Greyfox]

Is it because privacy and security are only threats to tyrants? The fact that even raising the issue isn't political suicide for any politician or civil servant who dares suggest it is, frankly, embarrassing.

Re:Job is forfeit.

[gweihir]

They can try to keep it out of mainstream consumer electronics, but there's too much "DIY" capability in the world to keep strong cryptography contained.

It reminds me of the early mp3.com days - the genie has long since left the bottle, doesn't matter if you saw it coming or not, it has happened. Now, you'll have to deal with it. Attempting to recapture the genie is a fool's errand.

Indeed. Just remember that initial PGP was a single person, and so was TOR. And with the current drive to turn everyone into a software developer in school, there is just no way to prevent people from doing it. Sure, many will get it wrong, but some will not. And as encryption software can in many case be made pretty simple, bugs in it will not save the day for the NSA in the long run. Of course, they can still use targeted access, but that is expensive and risky.

This person has just understood that there is nothing to be gained going in that direction, but a lot of rather huge risks to society. It is rare to see a pragmatist actually serving in such a position.

Re:Job is forfeit.

[MillionthMonkey]

You can't just "outlaw certain encryption types". People in the rest of the world won't be falling all over each other to outlaw encryption technology that the American government can't penetrate. Who the hell would want to do business with any American company if it meant they had to spread their ass cheeks wide open for the U.S. government?

And any "bad guys" could safely and easily encrypt their plaintext "illegally", and cloak it with a steganographic layer to fool any Feds who would bother to peek through whatever half-assed backdoor they might mandate on the rest of us.

Right now most politicians don't seem to realize that what they want will require a backdoor. Or if they do, they think it will be one that will magically open just for them. They're still in the stage where they think they can just legislate fundamental changes into number theory and computer science.