CIA Director John Brennan Says Non-US Encryption Is 'Theoretical'
from the central-ignorance-agency? dept
You would think that someone in charge of the Central Intelligence Agency would have some knowledge about what he’s discussing while at a Senate Hearing on intelligence. Perhaps not so much. CIA Director John Brennan completely incorrectly said last week that non-US encryption was “theoretical” despite there actually being hundreds of such products on the market.
This happened during an open Senate Intelligence Committee hearing, where Senator Ron Wyden got to ask Brennan a couple of questions. The first was about whether anyone at the CIA was being held accountable for failures during the CIA torture program, and the second was on the future of Section 702 of the FISA Amendments Act. Specifically, he asked whether or not the CIA could live without being able to do “backdoor searches” on 702 data — basically asking what would happen if the CIA had to get a warrant to search that data. Director Brennan more or less dodged both questions, promising to get back to Wyden later and/or “in a different setting” (i.e., a classified one). However, as part of the preamble before asking questions, Wyden briefly touched on the issue of requiring US companies to backdoor encryption — the plan put forth by Senators Burr and Feinstein (Feinstein is sitting right next to Wyden while discussing this) — saying that it won’t work and is dangerous. He points out that putting restrictions on US companies won’t much matter, because those who wish to do us harm will just use non-US encryption. Despite no question being asked on that topic, Brennan decided to weigh in anyway. You can see the exchange here:
Here’s what Brennan says:
I respectfully disagree with your opening comments. First of all, US companies dominate the international market as for… as encryption technologies that are available through these various apps. And I think we will continue to dominate them. So although you’re right that there’s the theoretical ability of foreign companies to be able to have those encryption capabilities that’ll be available to others, I do believe that this country and this private sector is integral to addressing these issues. And I encourage this committee to continue to work on it.
Beyond being a bit jumbled, the idea that the issue is “theoretical” is flat out wrong. A recent paper by the Open Technology Institute looked at the 9 top encryption products recommended as “safe” to use by ISIS and pointed out that only one would be impacted by US regulation.
And then there was the second study, done by the Berkman Center and led by Bruce Schneier, that was a worldwide study of encryption products and noted that there are 865 encryption products worldwide from 55 different countries — and 546 of those products are non-US. It’s true that the US has the most, but there’s a pretty wide variety of other options. And the foreign products cover all different kinds of encryption. They found: “47 file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and found 61 virtual private networking products.”
To argue that this is somehow “theoretical” is beyond ridiculous. Even if it were true (and it doesn’t appear to be) that those planning to do us harm currently use US products, it’s pretty obvious that they would quickly move to foreign-based products if it became clear that the US products were required to provide a backdoor to law enforcement. Again, the only end result would be to make those who use the encryption for lawful purposes less safe.