Intelligence Community's Top Lawyer Endorses Desire For Unicorns, Leprechauns & Golden Keys That Don't Undermine Encryption
from the same-thing dept
Encryption is a critical tool to protect privacy, to facilitate commerce, and to provide security, and the United States supports its use. At the same time, the increasing use of encryption that cannot be decrypted when we have the lawful authority to collect information risks allowing criminals, terrorists, hackers and other threats to escape detection. As President Obama recently said, “[i]f we get into a situation in which the technologies do not allow us at all to track someone that we’re confident is a terrorist …that’s a problem.” I’m not a cryptographer, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.
I'm not sure how many times in how many different ways this needs to be explained, but what they're asking for is a fantasy. You cannot put a backdoor in encryption and create a magic rule that says "only the government can use this in lawful situations." That's just not how it works. At all. The very idea of decryption by a third party "compromises the integrity of the encryption technology," almost by definition.
Separately, Litt's reassurances elsewhere ring incredibly hollow. In trying to respond to concerns about so-called "incidental" collection of information under Section 702 of the FISA Amendments Act (information that the NSA isn't allowed to collect, but does so anyway and then hangs onto it and makes it searchable by a variety of government agencies), he notes that they have "reaffirmed" that such data must be deleted if they're determined to have no foreign intelligence value, but then (no joke!) his own speech has an asterisk with a giant loophole. Here is the speech posted on the ODNI's own Tumblr page:
Under the new policy, in addition to any other limitations imposed by applicable law, including FISA, any communication to or from, or information about, a U.S. person acquired under Section 702 of FISA shall not be introduced as evidence against that U.S. person in any criminal proceeding except (1) with the prior approval of the Attorney General and (2) in (A) criminal proceedings related to national security (such as terrorism, proliferation, espionage, or cybersecurity) or (B) other prosecutions of crimes involving (i) death; (ii) kidnapping; (iii) substantial bodily harm; (iv) conduct that constitutes a criminal offense that is a specified offense against a minor as defined in 42 USC 16911; (v) incapacitation or destruction of critical infrastructure as defined in 42 USC 5195c(e); (vi) cybersecurity; (vii) transnational crimes; or (vii) human trafficking.
Yes, some of the activities covered by this list are pretty bad. But it doesn't change the fact that the NSA isn't supposed to collect such information or retain it at all. Writing in all these exceptions is pretty damn broad, especially given the NSA and its "cute" interpretations of the law.