A number of former senior national security officials are urging that the government embrace the move to strong encryption by tech companies — even if it means law enforcement will be unable to monitor some phone calls and text messages in terrorism and criminal investigations.
In so doing, they are taking a position at odds with their colleagues inside government, including FBI Director James B. Comey. U.S. officials argue that without access to such data, they may miss critical evidence of a terrorist plot or a murder or kidnapping.
But these former officials — previously at the National Security Agency, the CIA, the Pentagon and the Office of the Director of National Intelligence — say that there are larger, strategic national and economic security imperatives that outweigh law enforcement’s operational needs.
And they say that recent terrorist attacks in Paris and in San Bernardino, Calif., have not changed their views.
Mike McConnell, who headed the NSA in the 1990s during the first national debate over federal encryption policy, recalled how 20 years ago, he was for back-door access to encrypted communications for the government.
“NSA argued publicly, ‘We’re going deaf’ ” because of encrypted calls, said McConnell, who now serves on the board of several cybersecurity companies. The agency wanted a third party to hold a key to unlock coded calls. But the resulting outcry — similar to the one heard in today’s debate over smartphone and text message encryption — caused the government to back down.
“We lost,” McConnell said simply. And what happened? “From that time until now, NSA has had better ‘sigint’ than any time in history,” he said, referring to signals intelligence, or the ability to intercept electronic communications. “Technology will advance, and you can’t stop it. Learn how to deal with it.”
McConnell, a former director of national intelligence, said he is not disputing the FBI’s need to eavesdrop on a terrorist or kidnapper. But the cybersecurity that strong encryption provides is a greater strategic need now, he said.
“Chinese economic espionage is so severe that stopping that is more important than being able to read the communications of a criminal,” said McConnell, who in July penned an opinion piece in The Washington Post with former Homeland Security secretary Michael Chertoff and former deputy Defense secretary William J. Lynn on the issue.
Chertoff, who served in the George W. Bush administration and now runs his own security consultancy, said that efforts to “undermine or to create exceptions to what is increasingly the trend to encrypting communications end to end are misguided.”
The reality is, he said in an interview this fall, “it’s always been the case that in a free society you have less than perfect ability to detect people who do bad things.”
He recalled how when he was a prosecutor in New York in the mid-1980s working mafia and political corruption cases, there were many times when he would have liked to have had a record of a conversation, but didn’t — either because the witness did not tell him about it, didn’t write it down, or the record disappeared before it could be subpoenaed.
“I remember big organized crime cases — there were several people in particular who never talked in a closed setting because they were worried about being wiretapped,” he said. “But you know what? We made the case the old-fashioned way. A few photographs. A couple witnesses. Circumstantial evidence. So . . . I think that deliberately compromising security to make it easier for law enforcement runs the risk of simply sending the bad guys to other parts of the world where things will be fully encrypted.”
The Obama administration in October decided after months of internal debate that it would not seek legislation for now. Although some lawmakers have called for action in the wake of the recent terrorist attacks, some administration officials say the White House is not likely to change its position.
Former CIA director Michael V. Hayden, who also headed the NSA from 1999 to 2005, said requiring or even encouraging U.S. companies to build in keys to unlock customers’ data “will drive the market away from them.” If that happens, he said, law enforcement “will wind up with the worst of all worlds: there will be unbreakable encryption — it just won’t be made by American firms.”
Hayden, a principal in the Chertoff Group, said that “this is far more of a law enforcement issue than it is intelligence.” Spy agencies have other ways of obtaining information, he said. “By the way,” he added, “I’m not saying that NSA should not try to bust what Apple thinks is unbreakable encryption. All I’m saying is Apple should not be required” to hold keys to decrypt data for the government.
Joel Brenner, a former NSA inspector general and top U.S. counterintelligence official, said when a company creates a back door to be able to unlock communications, “the likelihood that others will gain access is quite high.”
And even if companies could be persuaded to install back doors that would give the FBI access to records with a court order, the federal government has not shown it can be trusted to protect sensitive records, said Brenner who is now a fellow at MIT and has a consulting practice.
“The notion that we can trust the government to protect its own systems has been completely discredited in the wake of the [Office of Personnel Management] hack and other incidents,” he said referring to the disclosure this year of two hacks of OPM’s computers in which the personal records of 22 million current and former federal employees were compromised by the Chinese government.
The issue is not just a domestic one, he noted. The British, French and Chinese want companies to create back doors. “Without some international norm here, it’s going to be very hard to find stability,” he said. “And I doubt we Americans can do it through a mandate.”
Not all former national security officials agree. Keith Alexander, who retired as NSA director last year, said the risks to national security merit law enforcement gaining access to data with a warrant.
“What happens when you can’t see what terrorists are planning?” he said at a cyber conference in September hosted by Hewlett-Packard. “That’s going to get worse. Much worse.”
Alexander, who founded IronNet, a cybersecurity firm, suggested that if current trends continue and law enforcement officials “get no access,” tragedy will strike.
“We have a 9/11 and then we snap back and say, ‘Okay, what do we do?’ I think we should have that discussion now, before the next crisis.”