NSA chief admits risk in decrypting smartphone data
Adm. Mike Rogers has long posited that strong encryption on consumer devices hampers law enforcement and intelligence work. But on Thursday he acknowledged the possible security downside of one proposed way for the government to decrypt data on consumer devices.
Director of the National Security Agency Adm. Mike Rogers testified before the Senate Intelligence Committee on Thursday.
Pablo Martinez Monsivais/AP
National Security Agency Director Adm. Mike Rogers has been one of the loudest voices cautioning that the strong encryption that now comes standard on consumer devices including cellphones will make it harder to catch criminals and terrorists.
But in testimony to the Senate Intelligence Committee Thursday, Admiral Rogers admitted that one proposed way for law enforcement or intelligence officials to decrypt data on consumer devices could also pose a security risk by opening the door for bad actors to access the data.
When asked by Sen. Ron Wyden (D) of Oregon whether a plan that requires tech firms to create multiple encryption keys so that US officials can decrypt data also creates "more opportunities for malicious hackers or foreign hackers to get access to the keys," Rogers admitted that was a legitimate concern.
"If you want to paint it very broadly, as a yes or a no," Rogers replied, "I would probably say yes."
In recent months, Rogers has called for a "front door" to access the encrypted data with multiple "big locks." , which also on Thursday revealed the technical options the Obama administration explored to allow officials to unlock encrypted communications, Rogers had proposed creating and storing multiple keys so that no one agency or organization could decrypt the data on its own.
So Rogers's public acknowledgement of the risks that come with this sort of split-key encryption is sure to be welcome news to many supporters of strong encryption on consumer devices. Many technologists and experts say that building in a channel for the US government to circumvent strong encryption is tantamount to a "back door" and can never be secure.
Senator Wyden also seemed satisfied by Rogers's answer. "When there are multiple keys ... the good guys are not the only people with the keys," he said. "That creates more opportunities for the kinds of hacks and damaging conduct by malicious actors – and that makes your job harder."
This issue also came up at a Passcode event earlier this month, when senior FBI and Justice Department officials said they support strong encryption in the private sector, but as Kiran Raj, the Justice Department’s senior counsel to the deputy attorney general, put it: "We don't want situations where there's warrant-proof encryption."
Since there's no one-size-fits-all solution, the companies should come up with a solution themselves, Mr. Raj said. "When we hear 'master key,' or 'golden backdoor,' we have to be clear no one is asking for that."
But Jon Callas, chief technologist of encrypted communications company Silent Circle, pushed back: "You're not asking for the golden key – you're asking for the magic rainbow unicorn key."
It's not possible to create a mechanism that lets only the "good guys" access encrypted data while still maintaining device security, Mr. Callas said. "We are putting in the encryption to stop crime, precisely to stop espionage ... but now that we're doing it, we're being criticized for doing it."