Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership

from the good-for-him dept

There are very few things in life that former NSA and CIA director Michael Hayden and I agree on. For years, he was a leading government champion for trashing the 4th Amendment and conducting widespread surveillance on Americans. He supported the CIA's torture program and (ridiculously) complained that having the US government publicly reckon with that torture program would help terrorists.

But, there is one thing that he and I agree on: putting backdoors into encryption is a horrible, dreadful, terrible idea. He surprised many people by first saying this five years ago, and he's repeated it a bunch since then -- including in a recent Bloomberg piece, entitled: Encryption Backdoors Won't Stop Crime But Will Hurt U.S. Tech. In it, he makes two great points. First, backdooring encryption will make Americans much less safe:

We must also consider how foreign governments could master and exploit built-in encryption vulnerabilities. What would Chinese, Russian and Saudi authorities do with the encrypted-data access that U.S. authorities would compel technology companies to create? How might this affect activists and journalists in those countries? Would U.S. technology companies suffer the fate of some of their Australian counterparts, which saw foreign customers abandon them after Australia passed its own encryption-busting law?

Separately, he points out that backdooring encryption won't even help law enforcement do what it thinks it wants to do with backdoors:

Proposals that law-enforcement agencies be given backdoor access to encrypted data are unlikely to achieve their goals, because even if Congress compels tech firms to comply, it will have no impact on encryption technologies offered by foreign companies or the open-source community. Users will simply migrate to privacy offerings from providers who are not following U.S. mandates.

Indeed, this is the pattern we have seen in Hong Kong over the last six months, where pro-democracy protesters have moved from domestic services to encrypted messaging platforms such as Telegram and Bridgefy, beyond the reach of Chinese authorities. Unless Washington is willing to embrace authoritarian tactics, it is difficult to see how extraordinary-access policies will prevent motivated criminals (and security-minded citizens) from simply adopting uncompromised services from abroad.

None of this is new, but it's at least good to see the former head of various intelligence agencies highlighting these points. At this point, we've seen intelligence agencies highlight the value of encryption, Homeland Security highlight the importance of encryption, the Defense Department highlight the importance of encryption. The only ones still pushing for breaking encryption are a few law enforcement groups and their fans in Congress.

Filed Under: backdoors, encryption, michael hayden


Reader Comments



  • Anonymous Coward, 12 Dec 2019 @ 2:23pm

    Interestingly, I see parallels here between the encryption "debate" and DRM on music. The thing about DRM is that it's exactly what the FBI and lawmakers are asking for: encrypted data where they have hidden access. Eventually music pretty much left the DRM scene because DRM isn't really security -- the wrong people can always gain access to the decryption key.


  • OldMugwump, 12 Dec 2019 @ 2:27pm

    Hayden has always been sincere

    I know I'll get jumped on for saying this, but I understand where Hayden is coming from (even if I don't agree).

    He really fears Bad Guys with NBC weapons and associated terrorism. He fears it so much he's willing to surveil innocent people and "trash the 4th Amendment" (in Mike's words).

    But he's realistic and knows the Bad Guys are not going to use weak encryption just because there's a law. They're Bad Guys, strong encryption exists - they will use it. And weakening the victim's encryption only makes them (us) even MORE vulnerable to the Bad Guys.

    I don't agree with his conclusion, but I acknowledge that requires accepting a greater risk of the Bad Guys killing a lot of people in horrible ways. I just think preserving 4th amendment rights is more important than reducing that risk.

    But this is something on which honest people can disagree.

    [OK, start attacking me now...]


    • Anonymous Coward, 12 Dec 2019 @ 3:03pm

      Re: Hayden has always been sincere

      Good guy / Bad guy
      lol


    • techflaws, 12 Dec 2019 @ 10:15pm

      Re: Hayden has always been sincere

      Hayden's always been sincere in lying to Congress.


    • hardhat, 15 Dec 2019 @ 6:14am

      Re: Hayden has always been sincere

      He sincerely killed off Thin Thread and replaced it with contractors that came up with something that was several hundred million dollars over budget and years behind schedule and then got shut down.

      A problematic thing these days is we seemingly don't have anyone untarnished by past corruption that can make a stand against the current corruption.


  • Anonymous Coward, 12 Dec 2019 @ 3:41pm

    This isn't actually all that surprising.

    When you're dealing with signals intelligence and analysis, you tend to look for unusual "signals", things that stand out. Like, say, whether or not a message is encrypted.

    For obvious reasons, spies don't want to send their messages in the clear. So the best protection for a spy to send a message encrypted is to make everybody else also send their messages encrypted. As opposed to if common consumers needed crackable encryption, where they would stand out pretty blatantly.

    How does that go? "One man's ~terrorist~ spy is another man's freedom fighter."


    • Anonymous Coward, 12 Dec 2019 @ 3:48pm

      Re:

      And yet it took him until he was out to realize this. The question at this point: is it a problem of the leaders being evil morons or their whole institutional culture being evil morons?


    • Laberer, 14 Dec 2019 @ 7:15am

      Re:

      Bruce Schneier highlighted a comment on his blog back in 2008, which explained the ultimate spy message system even better, and I paraphrase the quote:

      “Hiding child porn under encryption is like hiding cocaine in bales of marijuana.”

      https://www.schneier.com/blog/archives/2008/10/terrorists_and_2.html


      • Anonymous Coward, 14 Dec 2019 @ 9:28am

        Re: Re:

        That's not quite the quote.

        Your rewording of it is not quite the same thing, but hopefully the child abuse people won't figure out why.


        • Laberer, 16 Dec 2019 @ 7:59am

          Re: Re: Re:

          Thank you for engaging with this.

          Yes, as I said it's a paraphrased statement.

          But your stratified, ambiguous, and uneducated viewpoint will not
          #savethechildren

          precisely because you have an ambiguous, amorphous Us-v-them viewpoint.

          A slanted view of who they are who do this shit.


    • Anonymous Coward, 16 Dec 2019 @ 2:32am

      That's why the Naval Research Labs (initially) developed Tor.

      It provides an encrypted network which is globally accessible to US intel people with cover traffic from everyone else (human rights activists, child abusers, hackers, and just regular people).


      • Laberer, 16 Dec 2019 @ 7:32am

        Re:

        Study those abusers more closely.

        Most of the online child porn “community” is sooper seekrit agents from IC agencies talking to each other.

        Bruce Schneier and others covered this in 2008.

        Hiding child porn in encrypted communications is like hiding kilos of cocaine in bales of marijuana, plus steganography.


  • Toom1275, 12 Dec 2019 @ 9:18pm

    The battle between National Security and Notional Security.
