NSA In Support Of Encryption Is ‘Disingenuous’: EFF Purports by Rebecca James
On Wednesday, CAMBRIDGE, Ma. – The NSA, National Security Agency appeared in support of encryption. But the stance was quickly contested by the privacy advocates, who criticizes the agency for peculiar definition of the term “encryption” than others.
The general counsel for the NSA, Glenn Gerstell, asserted that the company “believes in strong encryption” during the panel, “Privacy vs. Security: Beyond the Zero-Sum Game,” on (CCS) Cambridge Cyber Summit conducted by MIT.
Cindy Cohn, Executive Director of EFF (Electronic Frontier Foundation), attending panelist took an offensive stance and said that the NSA should use an asterisk at the end of the word encryption when speaking.
Cohn said, “I have been in meetings with people from the NSA and FBI and when they say we believe strong encryption what they mean is strong encryption that only THEY have access to.”
“It sounds disingenuous; it seems that what they mean by strong encryption isn’t near the same as what the rest of us say,” Cohn said.
Gerstell could be seen as backing the sentiments made by NSA director Adm. Mike Rogers, and former director of the CIA and NSA, General Michael Hayden when both went on record earlier this year in support of encryption and admitted that robust cryptosystems (encryption software like VPN, password manager, etc.) had given them challenges.
Gerstel explained that end-to-end encryption doesn’t mean that it ends all problems, but sometimes people lose their passwords of encrypted devices and resetting it exposes them to vulnerabilities, and all these mishaps provide opportunities to exploits.
Moderated by the Washington Post’s Ellen Nakashima, the panel quickly developed into privacy versus security debate.
Gerstell said being focused on encryption called it “more of a law enforcement issue,” while alluding the difficulties the government faces when extremists group use encrypted messaging apps for communication, and what the NSA does to gain intelligence is more like “going spotty” and “not dark.” At one point in the discussion, Gerstell said that the encryption shouldn’t have to be an “impenetrable wall” and there can be ways around it.
Cohn quipped at the Gerstell said, “The government shouldn’t be in the business of cracking our technology, rather it should be helping businesses to make them secure.”
In the elevated discussion, at one point, Gerstell was forced to defend the accusations from Cindy Cohn that the NSA agency frequently garnered zero-day vulnerabilities and deliberately failed to inform the affected companies, which left users vulnerable. Gerstell asserted that the NSA do discloses, roughly 95 percent, of the vulnerabilities it encounters. However, sometimes the equipment become out-of-cycle, or incompatible with manufacturers, then the agency has to withhold them for reasons of state’s security.
She fired back, excerpted the NSA’s “vague response” to the Freedom of Information Act (FOIA) request filed by EFF in 2014. Cohn said to Gerstell that the government’s status is below the general public in forthcoming the issue.
While, the FBI v. Apple debacle elevated the topic of encryption. It doesn’t seem that it is concluded but rather agitated.
The principal director of MIT’s Internet Policy Research Initiative, Daniel Weitzner, intervened the debate and said that “we’re getting tripped up” on the discussion.
“Let’s find a solution,” Weitzner said, “We should be discussing other ways law enforcements can be effective with encryption around.”
At the end of the panel, Weitzner stated that we’d never have completely secured systems, but end-to-encryption will be ubiquitous, and the world will need to adapt it.
“It’s clear that end-to-end encryption will be widely available around the world, and non-U.S. sources would be able to use it, that’s not a good thing, but we can’t control it,” Weitzner said.
He further said that the question now is that where do our strategic interests lie in the trust and security of users or guaranteeing whether can be used in law enforcement investigation? I think we have to take the leap on the side of law-abiding citizens for protection.
Rebecca James is a Journalist and Senior Editor at Be Encrypted. She has provided a lot to security and privacy in her career. She likes to add her personal opinion on recent security matters. You can follow her on Twitter. You can reach Rebecca on Twitter (@rebecca_jeames)