Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership
from the good-for-him dept
There are very few things in life that former NSA and CIA director Michael Hayden and I agree on. For years, he was a leading government champion for trashing the 4th Amendment and conducting widespread surveillance on Americans. He supported the CIA's torture program and (ridiculously) complained that having the US government publicly reckon with that torture program would help terrorists.
But, there is one thing that he and I agree on: putting backdoors into encryption is a horrible, dreadful, terrible idea. He surprised many people by first saying this five years ago, and he's repeated it a bunch since then -- including in a recent Bloomberg piece, entitled "Encryption Backdoors Won't Stop Crime But Will Hurt U.S. Tech." In it, he makes two great points. First, backdooring encryption will make Americans much less safe:
"We must also consider how foreign governments could master and exploit built-in encryption vulnerabilities. What would Chinese, Russian and Saudi authorities do with the encrypted-data access that U.S. authorities would compel technology companies to create? How might this affect activists and journalists in those countries? Would U.S. technology companies suffer the fate of some of their Australian counterparts, which saw foreign customers abandon them after Australia passed its own encryption-busting law?"
Separately, he points out that backdooring encryption won't even help law enforcement do what it thinks it wants to do with backdoors:
"Proposals that law-enforcement agencies be given backdoor access to encrypted data are unlikely to achieve their goals, because even if Congress compels tech firms to comply, it will have no impact on encryption technologies offered by foreign companies or the open-source community. Users will simply migrate to privacy offerings from providers who are not following U.S. mandates.
"Indeed, this is the pattern we have seen in Hong Kong over the last six months, where pro-democracy protesters have moved from domestic services to encrypted messaging platforms such as Telegram and Bridgefy, beyond the reach of Chinese authorities. Unless Washington is willing to embrace authoritarian tactics, it is difficult to see how extraordinary-access policies will prevent motivated criminals (and security-minded citizens) from simply adopting uncompromised services from abroad."
None of this is new, but it's at least good to see the former head of various intelligence agencies highlighting these points. At this point, we've seen intelligence agencies highlight the value of encryption, Homeland Security highlight the importance of encryption, and the Defense Department highlight the importance of encryption. The only ones still pushing for breaking encryption are a few law enforcement groups and their fans in Congress.
Filed Under: backdoors, encryption, michael hayden
Reader Comments
Interestingly, I see parallels here between the encryption "debate" and DRM on music. The thing about DRM is that it's exactly what the FBI and lawmakers are asking for: encrypted data where they have hidden access. Eventually music pretty much left the DRM scene because DRM isn't really security -- the wrong people can always gain access to the decryption key.
[ link to this | view in chronology ]
Hayden has always been sincere
I know I'll get jumped on for saying this, but I understand where Hayden is coming from (even if I don't agree).
He really fears Bad Guys with NBC weapons and associated terrorism. He fears it so much he's willing to surveil innocent people and "trash the 4th Amendment" (in Mike's words).
But he's realistic and knows the Bad Guys are not going to use weak encryption just because there's a law. They're Bad Guys, strong encryption exists - they will use it. And weakening the victim's encryption only makes them (us) even MORE vulnerable to the Bad Guys.
I don't agree with his conclusion, but I acknowledge that requires accepting a greater risk of the Bad Guys killing a lot of people in horrible ways. I just think preserving 4th amendment rights is more important than reducing that risk.
But this is something on which honest people can disagree.
[OK, start attacking me now...]
[ link to this | view in chronology ]
Re: Hayden has always been sincere
Good guy / Bad guy
lol
[ link to this | view in chronology ]
Re: Re: Hayden has always been sincere
Male sociopath=BADGUY EBILMENZ
Female sociopath=Girl With Dragon Tattoo
[ link to this | view in chronology ]
Re: Hayden has always been sincere
Hayden's always been sincere in lying to Congress.
[ link to this | view in chronology ]
Re: Hayden has always been sincere
He sincerely killed off Thin Thread and replaced it with contractors that came up with something that was several hundred million dollars over budget and years behind schedule and then got shut down.
A problematic thing these days is we seemingly don't have anyone untarnished by past corruption that can make a stand against the current corruption.
[ link to this | view in chronology ]
This isn't actually all that surprising.
When you're dealing with signals intelligence and analysis, you tend to look for unusual "signals", things that stand out. Like, say, whether or not a message is encrypted.
For obvious reasons, spies don't want to send their messages in the clear. So the best protection for a spy to send a message encrypted is to make everybody else also send their messages encrypted. As opposed to if common consumers needed crackable encryption, where they would stand out pretty blatantly.
How does that go? "One man's ~terrorist~ spy is another man's freedom fighter."
[ link to this | view in chronology ]
Re:
And yet it took him until he was out to realize this. The question at this point is: is it a problem of the leaders being evil morons or their whole institutional culture being evil morons?
[ link to this | view in chronology ]
Re: Re:
Can't it be both?
[ link to this | view in chronology ]
Re: Re:
It took him until he was out to say this. Don't assume the people in charge are stupid.
[ link to this | view in chronology ]
Re:
Bruce Schneier highlighted a comment on his blog back in 2008, which explained the ultimate spy message system even better, and I paraphrase the quote:
“Hiding child porn under encryption is like hiding cocaine in bales of marijuana.”
https://www.schneier.com/blog/archives/2008/10/terrorists_and_2.html
[ link to this | view in chronology ]
Re: Re:
That's not quite the quote.
Your rewording of it is not quite the same thing, but hopefully the child abuse people won't figure out why.
[ link to this | view in chronology ]
Re: Re: Re:
Thank you for engaging with this.
Yes, as I said it's a paraphrased statement.
But your stratified, ambiguous, and uneducated viewpoint will not
#savethechildren
precisely because you have an ambiguous, amorphous Us-v-them viewpoint.
A slanted view of who they are who do this shit.
[ link to this | view in chronology ]
That's why the Naval Research Labs (initially) developed Tor.
It provides an encrypted network which is globally accessible to US intel people with cover traffic from everyone else (human rights activists, child abusers, hackers, and just regular people).
[ link to this | view in chronology ]
Re:
Study those abusers more closely.
Most of the online child porn “community” is sooper seekrit agents from IC agencies talking to each other.
Bruce Schneier and others covered this in 2008.
Hiding child porn in encrypted communications is like hiding kilos of cocaine in bales of marijuana, plus steganography.
[ link to this | view in chronology ]
The battle between National Security and Notional Security.
[ link to this | view in chronology ]