Washington Post Publishes... And Then Unpublishes... Opinion Piece By Ex-Intelligence Industry Brass, In Favor Of Strong Encryption

from the what-happened? dept

Update: And... the article has been republished at the Washington Post's site with a note claiming that it was accidentally published without fully going through its editing process. Extra points if anyone can spot anything that's changed...

Earlier this week, we noted with some surprise that both former DHS boss Michael Chertoff and former NSA/CIA boss Michael Hayden had come out against backdooring encryption, with both noting (rightly) that it would lead to more harm than good, no matter what FBI boss Jim Comey had to say. Chertoff's spoken argument was particularly good, detailing all of the reasons why backdooring encryption is just a really bad idea. Last night, Chertoff, along with former NSA boss Mike McConnell and former deputy Defense Secretary William Lynn, published an opinion piece at the Washington Post, doubling down on why more encryption is a good thing and backdooring encryption is a bad thing.

Yes, the very same Washington Post that has flat out ignored all of the technical expertise on the subject and called for a "golden key" that would let the intelligence community into our communications. Not only that, but after being mocked all around for its original editorial on this piece, it came back and did it again.

Of course, you may note that I have not linked to this piece by Chertoff, McConnell and Lynn at the Washington Post... and that's because it's gone. If you go there now you get oddly forwarded to a 2013 story (as per the rerouted URL), with a 2010 dateline, claiming that "this file was inadvertently published." Of course, this is the internet, and the internet never forgets. A cached version of the story can be found online. The title really says it all: Why the fear over ubiquitous data encryption is overblown. Of course, technical experts have been saying that for decades, but it's nice to see the intelligence community finally coming around to this. And here's a snippet of what was said in the article before it disappeared.

We recognize the importance our officials attach to being able to decrypt a coded communication under a warrant or similar legal authority. But the issue that has not been addressed is the competing priorities that support the companies’ resistance to building in a back door or duplicated key for decryption. We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.

First, such an encryption system would protect individual privacy and business information from exploitation at a much higher level than exists today. As a recent MIT paper explains, requiring duplicate keys introduces vulnerabilities in encryption that raise the risk of compromise and theft by bad actors. If third-party key holders have less than perfect security, they may be hacked and the duplicate key exposed. This is no theoretical possibility, as evidenced by major cyberintrusions into supposedly secure government databases and the successful compromise of security tokens held by the security firm RSA. Furthermore, requiring a duplicate key rules out security techniques, such as one-time-only private keys.

The op-ed also points out that "smart bad guys" will still figure out plenty of ways to use encryption anyway and all we're really doing is weakening security for everyone else. And, of course, it raises the fact that if the US demands such access, so will China and other companies.

Strategically, the interests of U.S. businesses are essential to protecting U.S. national security interests. After all, political power and military power are derived from economic strength. If the United States is to maintain its global role and influence, protecting business interests from massive economic espionage is essential. And that imperative may outweigh the tactical benefit of making encrypted communications more easily accessible to Western authorities.

These are the same basic arguments that experts have been making for quite some time now. What's also interesting is that the three former government officials also point out that the "threat" of "going dark" is totally overblown anyway. It raises the original crypto wars and the fight over the Clipper Chip, and notes that when that effort failed, "the sky did not fall, and we did not go dark and deaf."

But the sky did not fall, and we did not go dark and deaf. Law enforcement and intelligence officials simply had to face a new future. As witnesses to that new future, we can attest that our security agencies were able to protect national security interests to an even greater extent in the ’90s and into the new century.

This is an important bit of input into this debate, and one hopes that the Washington Post only "unpublished" it because it forgot to correct some grammar or something along those lines. Hopefully it is republished soon -- but even if it was published briefly, this kind of statement could be a necessary turning point, so that hopefully we can avoid having to waste any further effort on the wasteful idiocy of a second crypto war.

Filed Under: backdoors, encryption, going dark, james comey, jim comey, michael chertoff, michael mcconnell, mobile encryption, william lynn
Companies: washington post