Mike Rogers is a former Congressman who served as the chairman of the House Permanent Select Committee on Intelligence. In a discussion with The Cipher Brief, Rogers said it is critical for the government and private sector to find a solution to the encryption dilemma that satisfies the needs of law enforcement.
The Cipher Brief: What is your overall take on the encryption debate? The government had previously argued for backdoors, while industry has made the case for strong encryption. What is the balance between security and privacy?
Mike Rogers: I do believe that you can do both, and I do believe that you have to do both. Everyone’s gone to their neutral corners. The tech industry is under pressure from Europe for sure, with their recent court ruling, and other places around the world – those are big markets for them. The government is under pressure, because we know more and more of these terrorist conversations are happening in places the government can’t get at. So you have both problems on both fronts.
I do think there is a way forward. If we can put people in a room who understand the science and the technology of what our challenges are, we can come out with a way forward. We’re going to have to do that. But right now, government says one thing, the tech industry says another, and there’s no opportunity to have a discussion where you can say, “Is there a way to do this?” without all of the outside groups pouring in.
I reject the notion that there is no technology that we can’t approach if we have the talent of the government – which is pretty good – and the talent of the private sector – which is really good. Is there no technology that we can come up with that solves this problem of privacy and protection? I don’t believe it.
TCB: Former DNI McConnell and former DHS Secretary Chertoff made the argument this summer that the idea that strong encryption could cause the U.S. security apparatus to “go dark” is somewhat overblown. They argued that law enforcement has developed new technologies and techniques to meet their missions in the past, and they should do the same now. What’s your reaction to that?
MR: You know, I hear that argument all the time, but what you’re saying is now you want the FBI to go into the decryption business – which the NSA has been doing for a very long time, and it is extremely difficult. The decryption process today is far different and more complicated and more difficult than it was in years past. I’m not sure if that is the way we want to spend our money.
Here’s the problem: You’re saying that you’re willing to take the risk that pornographers, drug dealers, organized criminals, terrorists, spies of foreign nations, are now going to be operating on U.S. soil with an absolutely classified communications system provided by U.S. companies and which our law enforcement can’t get into today, but maybe they’ll get there in the future. Maybe they’ll develop something to break these codes. I just don’t think that’s where we want to be. Candidly, I don’t think it’s good for the tech companies to be in that position, I don’t think it’s good for law enforcement, and I certainly don’t think it’s good for our national security.
TCB: Private industry’s main argument is that if you create a backdoor, if you create a “key,” it introduces additional security vulnerabilities into a given system. Essentially, if you create a key, someone can steal it. What is your reaction to that argument from industry?
MR: I’m not saying it’s without merit. There is some merit to that argument – if we make a key. But what if we get in a room and make a multi-key system? The question is, is there a technology available that provides a multiple key system that can’t work alone from the private sector and can’t operate alone from the government, but together can actually accomplish something with a warrant from a federal judge? That’s the place where we need to be debating. Can we put the right people in a room to solve that technology problem?
Based on everything that I get so see out there—now that I’m on the private side of this and I get to see new emerging technologies in cybersecurity for some of the work I’m doing—absolutely this can be done. But the problem is, right now, you have people in neutral corners. Tech companies don’t even want to entertain that conversation and neither, really, does the government. They just say, “give me a key so I can do my work,” and the tech companies are saying, “I don’t want to give you a key because that’s none of my business.” We better get over that because otherwise, we’re going to have a solution that happens when somebody dies, and I think we’re better than that. We can get ahead of this curve, and I think we’ll get to a place that provides the level of security and privacy that people would accept.
TCB: There is also an international dimension to the conversation. Some people fear that if the U.S. demands access to encryption keys, then other countries –such as China – will as well. Should the international angle to this be a concern as the U.S. continues this conversation?
MR: Absolutely. We know that one of the things that China is doing is demanding source code from companies doing business there—that’s a huge problem. But we need to fix one problem at a time, and I don’t think we’re going to fix all those problems.
Here’s what we know. We know that terrorists, organized criminals, gangsters, drug dealers, child pornographers, are going to use an encrypted system to avoid detection while operating in the United States. At the very basic level, that’s what we know is happening. It’s happening now, by the way—it isn’t 10 years or 5 years or 2 years away—it’s happening now. So, we have to solve that problem first, and then let’s look at the problem that is caused by the companies being extorted by the countries with absolutely complete, totalitarian control of their internet systems.
You have to get the right people in the room. You have to recognize two things: yes, there is a right to privacy, and yes, there is a responsibility if you’re going to own the property that allows organized crime and terrorist activity, that you have some responsibility to help solve this problem. If we can get to those two places, we will get to a technical solution that the vast majority of people would agree is fair and decent. If a federal court says, “We find that this person’s communications are relevant to them committing a terrorist attack on the United States,” I don’t know how any company could, with a straight face say, “We shouldn’t be obligated to provide that.”
So how do we find the opportunity to provide that in a way that meets both sets of needs? I think that we do it through technology. To say that Silicon Valley is void of any innovation in technology—I don’t buy it. I don’t believe it. They are the drivers of this technology, the drivers of our innovation. I’m not buying it.
