NSA Chief Stakes Out Pro-Encryption Position

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Wait, I thought everyone in the government was against encryption? These remarks made by the director of the National Security Agency sure sound pro-encryption to me.

National Security Agency Director Adm. Mike Rogers said Thursday that “encryption is foundational to the future,” and arguing about it is a waste of time. Speaking to the Atlantic Council, a Washington, D.C., think tank, Rogers stressed that the cybersecurity battles the U.S. is destined to fight call for more widespread use of encryption, not less. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack of the Office of Personnel Management involving the personal data about 20 million people who have gotten background checks.
 
Yeah, of course the NSA wants encryption:

They want encryption they have the keys to. They don't even consider keys to the kingdom as true backdoors *cough* Dual Elliptic Curve *cough cough*. Mike Rogers has also said that the government having access to keylists to allow so-called front-door access makes it easier for malicious actors to get to the keys. But you know what? They still want your keys.
 
Well, business has a choice, work with the government to develop better security that in turn supports lawful surveillance and lawful demands for data, or refuse and loose any hand at shaping how things are going to be.
 
Im pretty sure he is referring to the data sent on government networks, not what the average consumer uses. Its more or less a failsafe for when the initial security measures are compromised, they might get a hold of hordes of data, but its useless if they can't decrypt it. A large number of government entities do not do this. he is only arguing to make it mandatory for all government entities to use encryption.

Now, on the consumer side I am quite sure the NSA is "pro-encryption," as long as they get there own little private backdoor. So either way, his "Pro-Encryption" stance is not out of line with what the rest of the organization wants.
 
If he's pro-encryption, then that just means they have the capability to break any encryption you try: they no longer care.
 
the cybersecurity battles the U.S. is destined to fight call for more widespread use of encryption, not less.

Read that as many times as you need to in order to get it through your head. What American agency benefits if the American populace and infrastructure are low-hanging fruit for Chinese and Russian hackers to harvest at their whim?
 
Didn't they work with RSA to introduce flaws in their timing so that it's much easier to crack?
 
One similar subject, one thing I've noticed is that a lot of well used encryption schemes used today are actually MADE by the NSA. I think this is kinda alarming, as we don't really know if there may be some genus backdoors to the way the algorithms work. We really should not be relying on encryption made by an organization who's goal is to crack it.
 
Red Squirrel said:
One similar subject, one thing I've noticed is that a lot of well used encryption schemes used today are actually MADE by the NSA. I think this is kinda alarming, as we don't really know if there may be some genus backdoors to the way the algorithms work. We really should not be relying on encryption made by an organization who's goal is to crack it.
Click to expand...

The NSA does not use their own encryption.

What else needs to be said....
 
lcpiper said:
Well, business has a choice, work with the government to develop better security that in turn supports lawful surveillance and lawful demands for data, or refuse and loose any hand at shaping how things are going to be.
Click to expand...

yep no way possible that China could ever gain access to those back doors. You're basically telling the government, "go ahead and watch my wife and daughter pee as long as you whisper sweet nothings into my ear that it's for the sake of national security I'm OK with it."
 
twelveparsex said:
yep no way possible that China could ever gain access to those back doors. You're basically telling the government, "go ahead and watch my wife and daughter pee as long as you whisper sweet nothings into my ear that it's for the sake of national security I'm OK with it."
Click to expand...

b9b.jpg
 
Exactly, we can have all the encryption we want (as long as NSA has the keys).

"Here, does this make you feel better now..?"
 
Even better, new encryption practices joint ventured in partner with the NSA :)
 
Funny enough, my department in the government just pushed our new encryption policy nation wide last week. Every PC is now required to encrypt data before removing by USB or Disc.
 
twelveparsex said:
yep no way possible that China could ever gain access to those back doors. You're basically telling the government, "go ahead and watch my wife and daughter pee as long as you whisper sweet nothings into my ear that it's for the sake of national security I'm OK with it."
Click to expand...

Why do you guys continue to insist that an ENGINEERED solution is a backdoor.

It's so fucking stupid :rolleyes:
 
NickJames said:
Funny enough, my department in the government just pushed our new encryption policy nation wide last week. Every PC is now required to encrypt data before removing by USB or Disc.
Click to expand...

That's been DoD Policy for over 10 years.
 
Of course he is pro-encryption. The NSA doesn't want back doors. They know that encryption with bad doors isn't encryption, and they know that good encryption is essential to the interests of the government.

The NSA also doesn't need back doors. This is because the NSA doesn't need to crack or break any encryption. I have no doubt that the best encryption technologies are still unbroken. Rather, the NSA simply gets copies of private keys through side-channel attacks or, more frequently, National Security Letters. This is a well-known and little-talked-about fact from the Snowden leaks.

Why install a back door when you can just use the front door? Installing a back door just makes encryption weaker for everyone, including the government. They don't want encryption that everyone can break. They want encryption that they can bypass when others use it, but others can't bypass when they use it. Unbreakable encryption that they have an extra key for gets them the best of both worlds.
 
DocSavage said:
Aren't all back doors engineered? Otherwise you are talking about exploits.
Click to expand...

Oh god, I gota spell it out.

The parties involved get together, the develop requirements, they test case the requirements to ensure that a plan can be developed to meet the requirements. They engineer solutions to meet the requirements, and the work continues. You also hopefully setup the procedures to be followed to address change as identified by any of the parties to the development.

And if one side doesn't entirely trust the other then you go the extra step to ensure the testing involves all parties etc etc. Code review, all that is done by the team, not just one party, no divide and conqueror, a group/team effort on all aspects of the project.

You are right, a back door is an engineered point of access allowing unauthorized access "that is known only to a few".

If everyone knows about a backdoor then it's really just another front door right? And if it only allows authorized access then again, it's not a backdoor, it's just an access point.

This is where we have a problem with the definition. The government isn't asking for secret backdoors that allow them unauthorized access. They are asking for a joint effort to develop secure communications and encryption methods that meets the privacy needs of individuals and business while allowing for legal access to store electronic data and communications when "authorized by law".

The rest of the picture is already being worked on and has been improving, namely, the issue around what does and doesn't require a warrant.
 
You must log in or register to reply here.
Back
Top