Editorial: The NSA remains uninterested in our safety by calling for encryption weakening

Posted in General Discussion, edited September 2019
The National Security Agency's general counsel, Glenn S. Gerstell, has written an editorial in which he does not once mention the term "encryption backdoor" by name. And yet, that's what it's all about, again.

An NSA data center in Utah


The short version of this missive by Gerstell is that the NSA wants us, the public, to be on their side the next time they order Apple and others to open up backdoors into their software. Or if it can't pull off public support, the NSA at least wants us to not object when it implements draconian measures against these companies.

The 6,000-word high school term paper on security, published in the New York Times on Tuesday, follows recent reports of intelligence agencies finding Apple's security stance becoming more intractable. But, it also follows incidents of the NSA collecting metadata without authorization.

It is ostensibly written for "we, the people," but it is really aimed at technology firms. It is aimed at sending them a very clear message, but it takes about 4,500 words to start delivering that payload with any coherency.

"The challenge for those [national security] agencies will be to find the right approach to working with the private sector to obtain the data needed to fulfill their vital missions in a manner that fits our values and cultures," writes Gerstell. "Of course, there is another path, and it is the one taken by authoritarian regimes around the world. China's approach is to have all that data reside in the central government, in a vast databank of personally identifying information about its citizens, from iris and facial recognition to DNA data."

The very next sentence is "That is antithetical to our values." The NSA here is positioning themselves as the good guys. They want this in your mind, if you're a tech firm who's thinking of resisting them.

This is written as a general advisory to everyone, yet it's anything but general. Alongside the thousands of words that you could just search-and-replace with "backdoor," there's also the NSA's attitude to how Europe is protecting citizens' privacy.

"[Consider] the integrated cybercenters in Britain and the level of government involvement in private sector data usage under the European Union's General Data Protection Regulation," he continues. "Would the American business community accept that model, and would our national politics permit its adoption?"

GDPR has been a royal pain for European companies who've had to decimate their mailing lists and institute strong procedures about how they collect this data, but it's been worth it for both them and their customers. It just presumably isn't worth it for the NSA.

To lead the editorial, Gerstell reminisces about days of yore, and talks about how governments developed the technology to spot early warnings of an incoming attack. Back in those heady cold war days, the NSA was on this front line, developing technologies and methods to see these imminent attacks from a foreign power.

Missing the forest for the trees

Arms races began, and still rage today. Global Power X develops a new technology, so Power Y needs to find a counter to it -- and this is how it has always been.

Planes got stealthier, so radar advanced. Submarines got quieter, so sonar and other detection methods improved through research. Missiles got harder to shoot down, bunkers got more protected, and electronic warfare abilities increased -- and there have been corresponding technological counter-measures along the way.

Tech firms work to make us safer and Apple, at least, wants us to maintain privacy. This benefits us, this is of great advantage to "we, the people." It does make the job of the agency responsible for one aspect of our safety harder, and until now, apparently, they've always been up to the challenge of developing countermeasures to find and deal with the bad guys.

The NSA apparently feels like they don't have to do this anymore, if Gerstell's opinion matches the entire agency's. They'd rather we all be less safe day-to-day instead of developing their own technologies to combat the sophisticated adversaries that they hunt down, the way that assorted agencies and divisions of the armed forces have always done.

Literally, the NSA's mandate is to develop these countermeasures.

The NSA's fight isn't the only one

It isn't just the NSA that has threats that they have to deal with. Every day, our information is being probed, our firewalls are being scouted for holes, and the stakes aren't just our personal data, but our finances as well. If we aren't careful with passwords, or our own information security, we all stand to lose every penny that we have from that adversary.

What the NSA wants is to make their job easier, at the expense of our safety and security. Whataboutism and fear-mongering about China's policies don't help, and aren't particularly relevant. Calls for citizens to not seek a privacy-regulating GDPR-like regulation in the US sure will help the NSA, but won't do one single thing for the rest of us.

The entirety of this belabored missive from the NSA lawyer comes down to the NSA wanting everyone else to do things because they apparently can't be bothered to up their game. For nearly 70 years, the NSA has been charged with protecting the US. It shouldn't stop now, and it shouldn't expect everyone else to do its work.

The NSA doesn't want to lose the digital revolution, the editorial says. That's not really up to us, and we the people shouldn't be asked to accept less personal safety to make its job easier, nor should we be blamed for its failures.

Comments

  • Reply 1 of 24
    lkrupp Posts: 10,557 member
    We’re constantly bombarded by security “experts” and “researchers" these days telling us that iOS is a leaky boat that’s child’s play to hack. If that’s so then why does the NSA even need a backdoor? Why is that Israeli outfit selling those products to crack iPhones? Is the truth different from what we are being told about Apple’s security? Is iOS really pretty bulletproof and most of those negative reports about iOS are just chest thumping blather?

    So the NSA wants the public to get behind its power play? The public doesn’t get to make that decision, the Constitution as interpreted by the Supreme Court will make that decision and it doesn’t look good for the NSA at this point.
    edited September 2019
  • Reply 2 of 24
    The NSA can byte me!
  • Reply 3 of 24
    Is the NSA lazy or stupid?

    After reports that Google discovered a vulnerability in iOS recently, Apple responded to it and explained that the Chinese government were using an exploit to target certain individuals. 

    If the Chinese are able to snoop on iOS devices, then why can’t the NSA do it without complaining that tech companies are making it too hard?
  • Reply 4 of 24
    “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” ...Benjamin Franklin
  • Reply 5 of 24
    mjtomlin Posts: 2,673 member
    razorpit said:
    mjtomlin said:
    If Americans are too stupid to hack into consumer devices, why can't the NSA just hire more Chinese, Russians and Israelis to do it? Oh, that's right, new immigration laws. Dammit!

    This is what happens when you put more emphasis on building a wall than you do rebuilding the US public education system.
    LOL, funny joke. You better add a sarcasm tag to the end of that before someone thinks you're serious.

    The real joke is the public education system
  • Reply 6 of 24
    The NSA is a spy organization. 
    Of course they aren't interested in things that make their job more difficult.
  • Reply 7 of 24
    lkrupp said:
    We’re constantly bombarded by security “experts” and “researchers" these days telling us that iOS is a leaky boat that’s child’s play to hack. If that’s so then why does the NSA even need a backdoor? Why is that Israeli outfit selling those products to crack iPhones? Is the truth different from what we are being told about Apple’s security? Is iOS really pretty bulletproof and most of those negative reports about iOS are just chest thumping blather?

    So the NSA wants the public to get behind its power play? The public doesn’t get to make that decision, the Constitution as interpreted by the Supreme Court will make that decision and it doesn’t look good for the NSA at this point.
    The answers to your questions aren't binary. And as with most things in life, the answers are nuanced. Experts and researchers aren't monolithic in their opinion of iOS and even if they were, you shouldn't conflate their opinions with the desires of a government agency like the NSA. Those opinions and desires would exhibit on a Venn diagram as two separate circles. Yes, the truth is different from what you're being told because the truth isn't static when it comes to security. It's a back and forth tug-o-war with each side briefly gaining advantage. The easiest question to answer is your one about iOS being pretty bulletproof. The answer is definitely 100% mostly yes and somewhat no. For concerns of the general public it's mostly bulletproof. For special subsets of society, somewhat no. Again, nuance. (All of this applies to any OS, not just iOS)

    As for the NSA. Look at it this way. They have absolutely nothing to lose trying to convince us their desired surveillance is a good thing. They also have nothing to lose trying to convince us of the difficulty they (and other alphabet agencies) have in gathering data. In fact it's in their best interest for society to feel that way. I mean seriously, do we really believe they're having that much difficulty accessing data from our devices? I sure don't. I do think their scope is limited because they don't have the one thing they desire: large scale wholesale access. But if they can convince us to give it to them, that's gravy. If they can't, they continue doing what I think they're already doing. Like Mike and William stated, they just want their job to be easier.
    edited September 2019
  • Reply 8 of 24
    lkrupp Posts: 10,557 member
    Is the NSA lazy or stupid?

    After reports that Google discovered a vulnerability in iOS recently, Apple responded to it and explained that the Chinese government were using an exploit to target certain individuals. 

    If the Chinese are able to snoop on iOS devices, then why can’t the NSA do it without complaining that tech companies are making it too hard?
    Yes, but those vulnerabilities get patched quickly and the NSA wants a permanent way in. So would the Chinese.

    edited September 2019
  • Reply 9 of 24
    I don't have to read any posts here to know that everyone will be on one side of this issue. So I'm going to take it upon myself to argue for the other side. As a result I will be attacked mercilessly. But it's my moral job to show the other side of the argument.

    Everyone forgets that the NSA spies mostly (and legally) on foreigners. But everyone fears that NSA spies a lot (illegally) on Americans. Well, is there a solution that allows the best of both worlds? Sure. You could have encryption on Apple devices that's un-escrowed for Americans, but escrowed for foreigners. Apple would have to determine nationality either during the sale or the usage of the device. The encryption in Apple's phone doesn't HAVE to be the same for all users. And yet everyone assumes it HAS to be the same. The only reason it has to be the same is because it saves Apple a little money. Apple has enough money to solve this. But Apple is afraid that selling escrowed cryptography to Chinese users would hurt their sales. (I don't think that's true. I think the average user in China would trust their own government less than the US government and as a result still buy Apple products which are key-escrowed by the US government.)

    This is the ace up the government's sleeve that it used to enforce and could enforce in the future, but isn't currently enforcing. It's called export control for encryption. It seems to me that Apple is exporting pretty high grade encryption to countries all over the world, including hostile countries, and that's probably what NSA is mostly upset about. But everyone is worried that NSA is trying to spy on themselves. And nobody here wants to make it easy for NSA to spy on nations hostile to America. That's unpatriotic, for sure.

    I'm not even an American so I would be the primary loser if this technical solution was implemented.

    Everyone talking about this issue makes it about "us" (people) vs "them" (NSA). But in reality there are two groups of people, "Americans" and "non-Americans" and the US constitution does not provide any "rights" to non-Americans to buy high grade cryptography from Apple.

    For those who don't understand, I will explain it this way. Apple could either sell two physically different iPhones with internally different encryption algorithms, to US vs non-US citizens, or with a little cryptographic wizardry (that I won't explain because nobody understands cryptography) it could be the same iPhone sold everywhere with an internal nationality setting that only Apple can change within its secure facilities upon credentials (indicating nationality) being shown by the owner. And the nice thing is, Apple doesn't even have to know or record the name of the user, just the nationality. That's because when the user shows his nationality, he immediately has to enter his Touch ID or Face ID credentials to lock the phone to himself. At no point does Apple need to record the name of the person who's getting it set up! This is so fantastic. It's just a little inconvenient to users in this way: to get the phone configured in its un-escrowed configuration, the user has to walk into an Apple Store to set up his Touch ID by showing his passport (or equivalent proof of citizenship) to the Apple techie who is enabling the phone to use un-escrowed cryptography. An interesting point is that probably 50% of all Americans probably aren't worried about the US government having judicial access to their iPhone's data. This idea is so good it is inevitable. It will make all paranoid Americans happy that they have secure encryption. And NSA will be happy that they have access to foreign users' data. Apple will be slightly unhappy because they will argue that Samsung has no restrictions selling high grade encryption to China, but the US government could placate Apple by making it illegal for Samsung to sell any phones in America if Samsung sells high grade encryption to foreigners without escrow.

    Remember, there are currently laws in the US that prevent some things, like guns, from being sold to people who aren't legally allowed to own them. This would just be the exact same idea. And all you liberals should be extremely excited that cryptography makes it easy to limit who can own these dangerous things to authorized people. All you US liberals who are so thrilled about gun control, why do you object to cryptography control? Cryptography can be more dangerous than guns. Be consistent. In fact, if you liberals enjoy laws that prohibit guns from being sold to some Americans, maybe you can just amend those laws to say "guns or un-escrowed cryptography" so that even dangerous Americans don't get access to these weapons. How can any liberal person object? I don't think even the ACLU could object.
    edited September 2019
  • Reply 10 of 24
    As long as access requires a court order, I have zero problem with the NSA having access to my phone contents - I have a bigger problem with law enforcement attempting (but failing because of Apple's draconian security) to quickly gain access to terrorist cell information. Sorry, but that's the way I feel about it; we all have different and equally valid opinions.
  • Reply 11 of 24
    Mike Wuerthele Posts: 6,861 administrator
    As long as access requires a court order, I have zero problem with the NSA having access to my phone contents - I have a bigger problem with law enforcement attempting (but failing because of Apple's draconian security) to quickly gain access to terrorist cell information. Sorry, but that's the way I feel about it; we all have different and equally valid opinions.
    As a reminder, Apple can and does respond to subpoenas for data it has including iCloud backups and other data stored in iCloud, within hours. They detailed this at some length after the San Bernardino situation.
  • Reply 12 of 24
    But in reality there are two groups of people, "Americans" and "non-Americans"
    I think you're missing the point. If the US government can divide the world into those two groups, Canada can do the same for "Canadians" and "non-Canadians", and the UK can do the same, and Australia and Russia and China and the EU and so on... But governments share data freely. The NSA can't spy on Americans, but Australia can--and they share with the NSA. In the end, everything is open to interception and no privacy remains. 
  • Reply 13 of 24
    As long as access requires a court order, I have zero problem with the NSA having access to my phone contents - I have a bigger problem with law enforcement attempting (but failing because of Apple's draconian security) to quickly gain access to terrorist cell information. Sorry, but that's the way I feel about it; we all have different and equally valid opinions.
    As a reminder, Apple can and does respond to subpoenas for data it has including iCloud backups and other data stored in iCloud, within hours. They detailed this at some length after the San Bernardino situation.

    True, thanks Mike.
  • Reply 14 of 24
    dewme Posts: 5,356 member
    The NSA is comprised of human beings who have been tasked with doing a specific job within a specific problem domain and context. In other words, they are no different than the rest of us who are in the same position in our own problem domains with our own accompanying contexts. When we, or they, look for ways to make our work easier and achieve positive results in our domain more efficiently and effectively we rarely expand our scope of concern to include outsiders. Yes, this is absolutely like living in a silo and the longer you play in the silo the deeper in and more isolated you get and the further away you get from external concerns like other people, the environment, or social or political concerns. If you start feeling guilty about it, no problem, just start compiling a list of all the really bad things that are possible if you lowered your guard or allowed yourself to be distracted by concerns of others who don’t really understand the threat that you are keenly aware of. Those silly outsiders simply don’t appreciate that you are their savior.

    This mental model applies to everyone from dog walkers to engineers to NSA agents to military commanders to CEOs of big pharma companies to congressmen and to presidents and it translates directly to everyday actions that heavily impact people’s lives. Everyone talks about concerns for the greater good of mankind and their fellow citizens, but it’s all at an abstract and non-committed level. At the concrete level where things actually happen, people are almost totally engrossed in their own thing with their own colleagues and don’t actually relate, and sometimes don’t even recognize, that there is a world out there with people in it that aren’t just like themselves. We all share the same physical planet, but we all live in our own separate worlds. The NSA could not care less about your personal privacy when they are totally engaged in saving you from whatever is the designated boogeyman that keeps the funding, resources, and prestige flowing in their direction. Maybe you should simply learn to appreciate them more and quit complaining. /s
  • Reply 15 of 24
    davgreg Posts: 1,037 member
    Chief Justice Roberts wrote an opinion regarding search and seizure of cell phones that applies here. He said “get a warrant”.

    The NSA is not supposed to surveil Americans within the boundaries of the United States. They have 2 charges- to secure government communications and to intercept the communications of others outside the US or of foreigners within the US. They are not supposed to have unlimited ability to spy on citizens without probable cause.

    That kind of power without appropriate oversight and accountability will lead to abuse regardless of which party is in charge. That accountability is not going to come from our political class that wants to hug every cop, spy and prison guard regardless of conduct. The accountability will come from our courts.

    The SCOTUS has already opined that the cell phone carries so much of our personal lives and information that digital device privacy should be respected by police. The Chief Justice who is a very conservative Republican said get a warrant. I think that applies here as well.
  • Reply 16 of 24
    As long as access requires a court order, I have zero problem with the NSA having access to my phone contents - I have a bigger problem with law enforcement attempting (but failing because of Apple's draconian security) to quickly gain access to terrorist cell information. Sorry, but that's the way I feel about it; we all have different and equally valid opinions.
    Not true -- Apple does comply with legal court orders. What they haven’t done is volunteered to engineer a backdoor and give the feds the key. The key which they will lose as they’ve already lost their own security hacker tools in the past.  

    And no, not all opinions are equally valid. Some opinions are outright bad ones. Or do you think the klan and NAMBLA have valid opinions equal to your own?
    edited September 2019
  • Reply 17 of 24
    gatorguy Posts: 24,212 member
    And no, not all opinions are equally valid. Some opinions are outright bad ones. Or do you think the klan and NAMBLA have valid opinions equal to your own?
    They would say they do, while you and I and the majority of other Americans would say they do not. That's why we have to establish playground rules to deal with different opinions. Once upon a time the opinion that slavery should be permissible in the US was probably a majority one. Thankfully now it is not.  
  • Reply 18 of 24
    Just to add to this discussion, one of the arguments for weakening encryption is that Silicon Valley could make a back door that only legitimate governments can use. There are so many arguments against this. But, remember that NSA is responsible for establishing encryption standards used in the US government, and therefore by the rest of us.

    If NSA with all of its supercomputers and PhDs in encryption can't come up with an un-hackable backdoor, what chance does Silicon Valley have?

    In the past, there have been attempts by NSA to publish new standards that weaken encryption. Fortunately, there are many experts who do not work for NSA who quickly find the holes NSA has created.

    BTW '22July2013',  the moment you say "all you liberals...", you have proven to all that you don't really want to add anything constructive to the conversation.
  • Reply 19 of 24
    Japhey Posts: 1,767 member
    I'm not even an American so I would be the primary loser if this technical solution was implemented.
     This is where I stopped reading. 
  • Reply 20 of 24
    lkrupp said:
    We’re constantly bombarded by security “experts” and “researchers" these days telling us that iOS is a leaky boat that’s child’s play to hack. If that’s so then why does the NSA even need a backdoor? Why is that Israeli outfit selling those products to crack iPhones? Is the truth different from what we are being told about Apple’s security? Is iOS really pretty bulletproof and most of those negative reports about iOS are just chest thumping blather?

    So the NSA wants the public to get behind its power play? The public doesn’t get to make that decision, the Constitution as interpreted by the Supreme Court will make that decision and it doesn’t look good for the NSA at this point.
    iOS is a monoculture, a widespread one, and that makes things more dangerous. iOS is pretty safe, but only through continual hard work. It is safer on iOS than on Android, all things being equal. But when they aren’t equal, the variability of Android means there will be some winners and some losers. The iOS monoculture means all winners or all losers. Also: if the NSA is your threat model, you're going to have a bad time.