Modern field guide to security and privacy

NSA chief admits risk in decrypting smartphone data

Adm. Mike Rogers has long posited that strong encryption on consumer devices hampers law enforcement and intelligence work. But on Thursday he acknowledged the possible security downside of one proposed way for the government to decrypt data on consumer devices.

    Director of the National Security Agency Adm. Mike Rogers testified before the Senate Intelligence Committee on Thursday.
    Pablo Martinez Monsivais/AP

National Security Agency Director Adm. Mike Rogers has been one of the loudest voices cautioning that the strong encryption that now comes standard on consumer devices including cellphones will make it harder to catch criminals and terrorists.

But in testimony to the Senate Intelligence Committee Thursday, Admiral Rogers admitted that one proposed way for law enforcement or intelligence officials to decrypt data on consumer devices could also pose a security risk by opening the door for bad actors to access the data.

When asked by Sen. Ron Wyden (D) of Oregon whether a plan that requires tech firms to create multiple encryption keys so that US officials can decrypt data also creates "more opportunities for malicious hackers or foreign hackers to get access to the keys," Rogers admitted that was a legitimate concern. 

"If you want to paint it very broadly, as a yes or a no," Rogers replied, "I would probably say yes."

In recent months, Rogers has called for a "front door" to access the encrypted data with multiple "big locks." According to The Washington Post, which also on Thursday revealed the technical options the Obama administration explored to allow officials to unlock encrypted communications, Rogers had proposed creating and storing multiple keys so that no one agency or organization could decrypt the data on its own.

So Rogers's public acknowledgement of the risks that come with this sort of split-key encryption is sure to be welcome news to many supporters of strong encryption on consumer devices. Many technologists and experts say that building in a channel for the US government to circumvent strong encryption is tantamount to a "back door" and can never be secure. 

Senator Wyden also seemed satisfied by Rogers's answer. "When there are multiple keys ... the good guys are not the only people with the keys," he said. "That creates more opportunities for the kinds of hacks and damaging conduct by malicious actors – and that makes your job harder."  

This issue also came up at a Passcode event earlier this month, when senior FBI and Justice Department officials said they support strong encryption in the private sector, but as Kiran Raj, the Justice Department’s senior counsel to the deputy attorney general, put it: "We don't want situations where there's warrant-proof encryption."

Since there's no one-size-fits-all solution, the companies should come up with a solution themselves, Mr. Raj said. "When we hear 'master key,' or 'golden backdoor,' we have to be clear no one is asking for that." 

But Jon Callas, chief technologist of encrypted communications company Silent Circle, pushed back: "You're not asking for the golden key – you're asking for the magic rainbow unicorn key." 

It's not possible to create an encryption access mechanism that only the "good guys" can use while still maintaining device security, Mr. Callas said. "We are putting in the encryption to stop crime, precisely to stop espionage ... but now that we're doing it, we're being criticized for doing it."
