Some of the top former national security officials say the U.S. government can try other tacks to fight criminals on the Internet.
Some of the people who have the most intimate knowledge on U.S. government intelligence aren’t so sure encryption is such a bad thing.
Speaking to the Washington Post in interviews published on Tuesday, several former national security officials, including Mike McConnell, who ran the National Security Agency (NSA) in the 1990s and Michael Chertoff, head of Homeland Security from 2005 to 2009, said that the U.S. government’s obsession with stopping tech companies from encrypting communications is a bad idea. Chertoff went so far as to call efforts at undermining encryption “misguided.”
“I think that deliberately compromising security to make it easier for law enforcement runs the risk of simply sending the bad guys to other parts of the world where things will be fully encrypted,” Chertoff told the Washington Post. His comments were echoed by McConnell, who told the Postthat the NSA has the best electronic communications intelligence in the world and it should “learn how to deal” with encryption. Even former CIA director Michael V. Hayden, who also led the NSA for six years until 2005, said that blocking encryption would be a disaster.
“[We] will wind up with the worst of all worlds,” he told thePost. “There will be unbreakable encryption—it just won’t be made by American firms.”
The comments fly in the face of what the U.S. government, lawmakers, and even presidential hopefuls have been saying over the last couple of years as part of the ongoing debate over encryption.
Major technology companies, including Apple AAPL-0.15% and Google GOOG1.09%, have fully encrypted communications between their messaging applications. Apple CEO Tim Cook has said that his company does not hold the key to unlocking those communications, effectively allowing two people on the company’s iMessage platform to have a full conversation without fear of anyone seeing what they’re talking about.
Several smaller platforms feature similar encryption, including Telegram. After it was discovered last month thatISIS had been using Telegram for communications, the service quickly responded by shutting down the militant group’s “channels.” Like Apple, Google, and other industry giants, however, Telegram, won’t provide a so-called “backdoor” for governments to use whenever they want to access data.
“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services,” Apple CEO Tim Cook wrote in an open letter on his company’s website. “We have also never allowed access to our servers. And we never will.”
Encryption has become an increasingly important topic in light of recent terrorist attacks in Paris and San Bernardino. Lawmakers and presidential candidates have argued that encryption made the plots easier to plan and harder for government agencies to foil. Democratic presidential hopeful Hillary Clinton has called on technology companies to work with the U.S. government, saying in a speech at the Brookings Institution earlier this month that Silicon Valley should work at “disrupting ISIS and stopping them from having this open platform for communicating with their dedicated fighters and their wannabes, like the people in San Bernardino.”
At the Republican Presidential Debate on Tuesday night, encryption was a hot topic. Donald Trump said he would put “our smartest minds” to work at “infiltrating” terrorist communications. Former New York governor George Pataki said in the “undercard” debate that he would push for a law to block companies from encrypting communications. Several of the other candidates also railed against encryption, saying it hinders law enforcement efforts.
Former Hewlett-Packard CEO Carly Fiorina, however, said that it’s a slightly different issue than her competitors argue. She said that if Silicon Valley is asked for help, it would provide that help. Based on comments made by Cook and others, however, it’s unlikely that those companies would deliver on certain requests, including backdoors.
While some in the U.S. government may like the hardline talk on encryption, comments made by Chertoff and the others may not sit well with FBI director James Comey.
On several occasions, the FBI director has railed against technology companies, saying that their encryption is forcing law enforcement officials to “go dark.” He’s called encryption “a significant public safety problem,” and said last October that officials “aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority.”
Before the Senate Judiciary Committee in July, he again talked about encryption, saying that while his agency respects “the fundamental right of people to engage in private communications,” he’s concerned that even when a “communications provider is served with a warrant seeking those communications, the provider cannot provide the data because it has designed the technology such that it cannot be accessed by any third party.”
The debate, in other words, is contentious. On one side, companies are saying that in order to protect individual liberty and the privacy of users, they must offer encrypted communication that would prevent them from handing over communications. Law enforcement, along with lawmakers, have argued that such encryption puts people in danger and could protect criminals and terrorists.
Critics, including Chertoff and the other former national security officials, point to some recent revelations that may undercut the government’s argument. For one, Tashfeen Malik, one of the alleged San Bernardino attackers, didn’t use encrypted communications to voice her support for jihad and ISIS. Instead, she is believed to have posted to Facebook, where her comments were readily accessible and unencrypted.
“A large amount of actionable intelligence still exists and is transferred outside of encrypted technology systems,” says Ben FitzGerald, director of the technology and national security program at the Center for a New American Security. “Many times we hear that after an attack the perpetrators were already known to our intelligence agencies.”
FitzGerald adds that focusing on encryption could cause the U.S. government to fail “to make use of other tools, including the development of new analysis techniques, that don’t rely on accessing encrypted systems.” He argues that the comments made by the former officials is “encouraging” and suggests that they have developed “a more detailed understanding of business and technical realities [that] has helped inform their more pragmatic views.”
Despite Comey’s trouble with tech companies, pragmatism also seems to be gaining popularity within the U.S. government. In comments before the Senate Judiciary Committee last week, Comey said that while encrypted communications “must be addressed,” his agency is now trying a different tack.
“The United States government is actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services,” he said.
Comey added that the Obama administration “has decided not to seek a legislative remedy at this time.”
In other words, for now, the U.S. government won’t break companies’ rights to encryption. And based on what cybersecurity officials say, that may just be the best move.
The U.S. government isn’t the only group monitoring ISIS social media content. For more Anonymous’ cyber war with the terrorist group, check out the following Fortune video: