Robert Litt: Isn’t Weakening Encryption Our Job?
Office of the Director of National Intelligence General Counsel Robert Litt gave a speech to the American Bar Association’s National Security Law conference yesterday. It’s full of lots of patent bullshit, as you might expect, including misrepresenting what Keith Alexander said to Congress the other day.
But it does do something the I Con has not done thus far: try to rationalize NSA’s weakening of encryption standards.
For example, there have been stories claiming that NSA is able to crack encryption or break into private networks, and charges that this compromises everyone’s privacy.
I’m not going to comment on whether or not these stories were accurate.
But isn’t cracking encryption, or breaking into private networks, exactly what we want an intelligence agency to be able to do?
How else are we going to collect the communications of people who want to harm us and our allies, and who use those tools to try to hide their communications, or to provide policy makers the intelligence they need to protect the nation?
But just because we try to develop the capability to intercept and decrypt communications of adversaries and terrorists does not mean that we can or do use those capabilities against ordinary U.S. citizens, or French citizens, or Belgians, etc.
Granted, Litt misrepresents the extent of the revelations. It’s not just that the NSA has been trying to crack Tor. It’s also that they have deliberately weakened more general encryption standards so as to make it easier for them to access communications or launch hacks in the future.
Nevertheless, he blithely dismisses any concerns about this activity by insisting that is the Intelligence Community’s job. “But isn’t cracking encryption exactly what we want an intelligence agency to be able to do?”
This is why the defensive mandate needs to be broken off from NSA and put somewhere where people like Litt can’t touch it. Because Litt isn’t even aware that weakening encryption is, by its nature, an attack on “US citizens, or French citizens, or Belgians, etc.” (And all that’s before you get into the NSA keeping encrypted conversations of entirely innocent US and French and Belgian citizens indefinitely.)
A General Counsel making legal decisions for the entire intelligence community who misunderstands this basic fact is a menace to all of us.
And therein lies the problem. In the general view of the public and folks like Jim Sensenbrenner (or so he says) their target should be Terrorist networks or at least Non-American networks. That was the original intent when they were established with the dual mandate to attack everyone else and strengthen us. But then that was back when crypto was chiefly a national affair with each country having their own.
In the NSA’s view private networks, no matter who they belong to, are the target and weakening American’s own protections is acceptable collateral damage. The fact that they don’t get the distinction, and neither do people like Dianne Feinstein, is precisely why these problems exist.
From a distance this looks like another example of militarized policing or “send in the riot police for everything.” It is tough sounding, seductively easy, and certainly popular in Washington. It also erodes trust, terrorizes the neighborhood, and increases the odds of “collateral damage.” Until that outlook has changed, or the value of individual American security goes up nothing will change.
@C: Incidentally, it bears saying again, thank you for covering this!