Defense Department To Congress: 'No, Wait, Encryption Is Actually Good; Don't Break It'
As Senate Judiciary Committee Chair Lindsey Graham has continued his latest quest to undermine encryption with a hearing whose sole purpose seemed to be to misleadingly argue that encryption represents a "risk to public safety." The Defense Department has weighed in to say that's ridiculous. As you may recall, the DOJ and the FBI have been working overtime to demonize encryption and pretend -- against nearly all evidence -- that widespread, strong encryption somehow undermines its ability to stop criminals.
However, it appears that other parts of the government are a bit more up to date on these things. Representative Ro Khanna has forwarded a letter to Senator Graham that he received earlier this year from the Defense Department's CIO Dana Deasy, explaining just how important encryption actually is. The letter highlights how DoD employees rely on the kind of strong encryption found on mobile devices and in VPN services to protect the data of their employees, both at rest (on the devices) and in transit (across the network).
All DoD issued unclassified mobile devices are required to be password protected using strong passwords. The Department also requires that data-in-transit, on DoD issued mobile devices, be encrypted (e.g. VPN) to protect DoD information and resources. The importance of strong encryption and VPNs for our mobile workforce is imperative. Last October, the Department outlined its layered cybersecurity approachto protect DoD information and resources, including service men and women, when using mobile communications capabilities.
As the use of mobile devices continues to expand, it is imperative that innovative security techniques, such as advanced encryption algorithms, are constantly maintained and improved to protect DoD information and resources. The Department believes maintaining a domestic climate for state of the art security and encryption is critical to the protection of our national security.
So, there you have it. The Defense Department believes that strong, unbroken encryption is critical to national security, as opposed to the DOJ which appears to think (incorrectly) that it undermines national security. At the very least, this should mean that politicians should stop uncritically claiming that encryption is some sort of "debate" between privacy and national security. It is not. Encryption protects both of those things. Breaking encryption harms both privacy and national security... in the hopes that it might make law enforcement's job marginally easier.
Filed Under: backdoors, dana deasy, defense department, dod, encryption, lindsey graham, ro khanna
A rose by any other name
At a minimum there is a conflict as to what constitutes 'national security'.
For the DoJ it's anything they feel like pursuing or that they can't readily commit to surveillance within the bounds of the Constitution, or might make them work harder, even if the information they pass around is co-opted by those they pursue. For the DoD it is all the information they pass around that might benefit enemies of the United States, probably including but not limited to security arrangements, operational plans, etc..
I have heard some things being referred to as 'national security' or related to such that I have a very hard time discerning what it is about those things that is in fact related to our 'national security'. Some of our post WWII conflicts meet this criteria, depending upon how one feels about the domino effect. Many of our state department/CIA interventions in foreign countries meet this criteria. Some law enforcement actions (the sale or gift of military equipment to local law enforcement departments) definitely meet this criteria. Calling some definitely criminal actions 'terrorism' when it is merely criminal might meet that criteria.
In the end, the term 'national security' really depends upon the intent of the speaker, no matter how much their rhetoric attempts to lead one in another direction. Too often that phrase is wielded to achieve ends that don't require the means.
Re: A rose by any other name
It is because of this disparity in definition that we need strong encryption with a backdoor for government use only! Our government, of course, because we all know that nothing leaks from any part of the US government.
There's no conflict here. Both agencies believe strong, unbroken encryption is critical to national security - when only the government has it - and undermines national security when the proles can get up to things outside of the view of their betters.
Re:
Except the DOD is worried about use of mobile phones and the Internet by service people keeping in touch with their families.
Loose lips sink ships
Re:
Weak encryption breaks transmission
Republicans no longer care about national security. Arguably never did. They want to lord over a captive population, no matter what it costs. Full stop.
earlier this year, I moderated a panel with AccessNow's (now Silkicon Flatiron's) Amie Stepanovich, and EFF General Counsel Kurt Opsahl on this topic (although looking at it working from Australia (at the time of the panel submission, they were the only one although a week or two before the panel was held, Barr came out in favor)
You can see it here
https://www.youtube.com/watch?v=rI3uEATDxIk
And yes, Strong Encryption is good. One of the other panels is hosted by a friend of mine, Elonka Dunin, and she has cryptography as a hobby. And by Hobby I mean 'she's writing a book on it, has social engineered her way into CIA HQ to see the Kryptos statue in the past, and filmed a documentary on it earlier this year'. She has a list of other encryptions, still not broken today - Beale, Elgar, voynich Manuscript, and of course, Kryptos. (for those that don't know, Kryptos is a sculpture in the grounds of the CIA HQ put there in 1991, and has 4 codes on it. 3 have been broken, the 4th hasn't. The CIA and NSA have been working on it (in competition) for almost 30 years now, even with those who made it dropping clues.
Video here
https://www.youtube.com/watch?v=h1Mb74yGbX4
Encryption can be hard to break, unless you know there's a key that's always going to work, so you can attack that key. After all, why attack a key that can only unlock that one thing, when you can go for a key that unlocks that thing AND everything else.
And as soon as that key leaks, thats it, there's no security at all. Prime example are the travelsafe TSA locks. They have as much security as a velcro loop, because anyone can unlock them with an easily available key.
Excelent video by Lockpick lawyer here.
https://www.youtube.com/watch?v=GhESSMvf_to
