Michael Chertoff, the former Secretary of the Department of Homeland Security, sat down with The Cipher Brief to explain why he believes a secure communications infrastructure protected by strong encryption is for the greater public good.
The Cipher Brief: U.S. law enforcement has publicly expressed its concern that bad actors – whether they be criminals or terrorist groups – will exploit strong encryption to “go dark” and hide their activities. What’s your assessment of that threat?
Michael Chertoff: I understand what the concern is, and I take it seriously, but I think bad actors will do things to avoid having their activities discovered. They may avoid using electronic means altogether. Back in the days when we were doing electronic surveillance using bugs and wiretaps to fight organized crime, the criminals would sometimes leave the building and walk around the block to have a conversation. There really is no way you can stop people from trying to hide their activities.
In this day and age, there are so many different ways you can investigate and gather intelligence about bad actors that, in my view, the threat that somehow law enforcement will “go dark” is overstated. When this issue arose in connection with voice encryption and the so-called “Clipper Chip” issue, we heard the same concerns. But at the end of the day, even without a special requirement of a chip that could be decoded by law enforcement, the authorities were still able to be quite successful with electronic surveillance.
TCB: You’ve written that “a secure communications infrastructure protected by ubiquitous encryption” is a greater public good than that provided by weakening encryption. How have your experiences in government and the private sector informed that view?
MC: I think that it is based on my experiences in both government and the private sector. It’s also in recognition of the fact that, in the last few years, the use of the internet for communications has exploded. 20 years ago, this was not a big issue.
I think that it’s informed by two considerations. On the one hand, bad guys have traditionally tried to hide what they’re doing, and law enforcement and intelligence have found ways to still be quite successful in identifying threats. At the same time, I think that cyber hacking has become a much bigger issue for ordinary citizens and enterprises. Any attempt to restrain your ability to protect your data with encryption runs the risk of creating vulnerabilities or weaknesses that are going to harm innocent people.
TCB: Silicon Valley – supported by many in the academic community – is generally opposed to the idea of creating back doors. We’ve heard two common themes: Creating back doors (1) may not be technically feasible and (2) may actually introduce additional security vulnerabilities into a system. What’s your take on industry’s argument?
MC: I’ve looked at some of the studies and I think that, as a general proposition, introducing a back door or requiring a duplicate key does create a greater risk of compromise. Now, there are some things you can do that create less of a risk, but I still think there’s an irreducible risk. It’s a little bit like giving the police a duplicate key to every house in the neighborhood. If someone breaks into the police station, they’re going to have an awful lot of houses they can find their way into. I also think that, as technology develops, some of the techniques with encryption will continue to evolve and continue to create more protection against intrusions. And any effort, as a matter of law, to prevent that kind of innovation is going to wind up reducing the degree of protection that we have against people who are trying to hack into our networks.
TCB: There seem to be two hardened sides in this debate—the government’s and that of industry. Is there any middle ground here? Is there a way to improve law enforcement’s ability to beat encryption without compromising privacy? How would you advise the US government and the private industry to work together on this issue?
MC: My perception is that the government has stepped back to some degree from insisting on having a back door or a duplicate key. I do think that there are tools which the government has available that actually are quite helpful and don’t risk compromising cyber security. For example, the ability to monitor metadata - which is lawfully authorized under certain rules - actually gives a pretty good ability to identify potential threats and to red-flag things for closer investigation. I also think, without giving away things that are secret, there’s just a lot more data out there, and in many ways it’s such a data rich environment that closing off one avenue does not substantially harm law enforcement and intelligence with respect to other avenues. I think that there are capabilities both from a collection and an analytic standpoint, that can pretty much remedy any loss that occurs because you can’t decrypt particular conversations.
Law enforcement can always compel individuals to decrypt their own communications upon a proper, lawful, legal showing – there are legal tools to do that. And if someone refuses to obey a lawful court order, they can go to jail. So, there’s always the direct path of getting at a message. Secondly, when you’re dealing with an enterprise that, as a matter of course, maintains a duplicate key or an alternative form of access to messages, then lawful processes can compel that to be turned over.
The only issue here is whether enterprises and firms that do not maintain duplicate keys or back doors ought to be required to introduce a vulnerability into their system in order to satisfy the opportunity for law enforcement to get decrypted communications. That’s where I think we ought to draw the line.
TCB: There’s also an international dimension to this conversation. Similar encryption debates are occurring in other countries right now. How do you see the outcomes of those debates affecting how we deal with the encryption issue in the U.S.?
MC: I think they do have an impact. First of all, in some countries, there’s a very strong privacy community that pushes against any back doors and is very suspicious of the U.S. To the extent that the U.S. makes it clear that we are not going to introduce vulnerabilities or duplicate keys, we actually help American businesses.
At the other end of the spectrum, there are countries that are quite clearly going to insist on back doors and the ability to surveil even encrypted communications – countries like Russia and China. Frankly, we want the ability to argue that they shouldn’t be doing that, and we can only make that argument if we are honoring the same principle ourselves. So, I think taking this position on not having back doors or duplicate keys actually enhances our credibility in the international community.