ASPEN, Colo. — As top national-security officials continued to argue that U.S. companies should build government-only backdoors into encrypted devices and services, an unexpected voice rose in opposition.
“I think that it’s a mistake to require companies that are making hardware and software to build a duplicate key or a backdoor, even if you hedge it with the notion that there’s going to be a court order,” former Homeland Security Secretary Michael Chertoff told an audience at the 2015 Aspen Security Forum.
Chertoff said weakening encryption would increase the vulnerabilities for ordinary users, force “bad people” into using technology that would be even harder to decrypt, and could become a strategic vulnerability for the United States, especially if Russia and China demanded backdoor access.
But the Aspen gathering also saw other top officials continue their campaign to require such backdoors. FBI Director James Comey, NSA Director Adm. Mike Rogers and Director of National Intelligence James Clapper all argued that sophisticated commercial encryption hampers U.S. intelligence efforts against militants like ISIS. Even judicially authorized communications would face a technological barrier in the form of end-to-end encryption, they told audiences.
“There’s two values in conflict,” Comey said Wednesday. “All of us believe in safety and security on the internet, hugely important to protecting all of us. All of believe in public safety. Those two values are coming into tension.” Earlier this month, Comey warned the Senate Judiciary and Intelligence Committees that the lack of a backdoor could lead to a terrorist attack on U.S. soil.
Rogers concurred with Comey’s sentiments. In response to an audience question during a Thursday session, he said that commercial-level encryption presented a “significant challenge” to his agency’s intelligence efforts. He said that terrorist groups use encrypted communications to spread messages and coordinate supporters. “We’ve watched terrorist groups around the world focused on that,” Rogers said.
Comey and Rogers described the debate as a question more of values than technology. Both officials said society would need to figure out how to balance the threat from extremist groups with the need for secure communications. Ultimately, they said, tech companies would have to figure out how to mitigate the national-security threat posed by encryption.
At least one observer viewed Chertoff’s statements through a cui bono lens. Marcy Wheeler, who first noted the former DHS chief’s remarks on her personal site, wrote that he might have spoken out “because as a contractor he’s being paid to voice the opinions of the tech industry.”
“Nevertheless, it’s not just hippies and hackers making these arguments,” Wheeler added. “It’s also someone who, for most of his career, pursued and prosecuted the same kinds of people that Jim Comey is today.”
Technology executives, workers, and researchers have generally come out against weakened encryption . in February, a Yahoo executive confronted Rogers personally:
Earlier this month, a group of respected security researchers and technologists “concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger,” the New York Times reported .
“We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago,” the authors wrote in their report , published by MIT. “In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution.”
Other commentators have noted that weakened encryption could inadvertently harm human rights workers and activists abroad .