Encrypt Everything!

Encrypt Everything!
February 3, 2014

James L. Johnston

Jim Johnston is The Heartland Institute's senior fellow for energy and regulatory policy and a... (read full bio)

The continuing scandal regarding National Security Agency monitoring of U.S. citizens’ and residents’ electronic communications makes one thing perfectly clear: If anyone is going to protect the public from unwanted snooping, the government isn’t it.

On June 5, 2013 a trove of documents from the National Security Agency was released by NSA contractor Edward Snowden to Glenn Greenwald, Laura Poitras, and Bart Gellman and later published in part by The Guardian and the Washington Post.

The response was immediate. Many people were shocked but appreciated the information. Others were shocked but felt Snowden was a traitor and must be prosecuted for treason.

Among the punishment camp are the White House and the Department of Justice. In addition, the NSA itself is worried about the files not yet released by Snowden. Rick Ledgett, who heads the NSA’s task force on the Snowden leaks, recently told the CBS show 60 Minutes he would consider amnesty for Snowden if he would stop any additional leaks. An editorial by The New York Times endorsed the idea.

Also endorsing clemency was Sen. Rand Paul, but the editorial board of The Wall Street Journal strongly opposed the idea on January 8, 2014.

An interesting implication of this difference of opinion is that the political gain from threatening prosecution of Snowden outweighs any potential damage resulting from the publication of the yet unleaked NSA documents. But Snowden no longer has the documents. They are in the hands of the reporters and under their exclusive control. So there is nothing for him to yield in exchange for clemency.

There is a basic question of how effective the NSA program has been in terms of improving national security. One need go no further for the answer than security and cryptography expert Bruce Schneier: “We have no evidence that any of this surveillance makes us safer. NSA Director General Keith Alexander responded to these stories in June by claiming that he disrupted 54 terrorist plots. In October, he revised that number downward to 13, and then to ‘one or two.’ At this point, the only ‘plot’ prevented was that of a San Diego man sending $8,500 to support a Somali militant group. We have been repeatedly told that these surveillance programs would have been able to stop 9/11, yet the NSA didn’t detect the Boston bombings—even though one of the two terrorists was on the watch list and the other had a sloppy social media trail. Bulk collection of data and metadata is an ineffective counterterrorism tool.”

On January 17, 2014, President Barack Obama laid out in a speech what the administration plans to do about Snowden’s disclosure of NSA documents.  Accompanying the speech was a presidential directive that supplied more details, and the Washington Post outlined the principal provisions.

Among the details identified by the Washington Post, there is one important omission on the White House’s part: “The NSA has not been ordered, as many had wanted, to avoid building ‘backdoors’ into software, a practice that critics say weakens encryption standards, or to stop exploiting flaws in software to conduct cyberattacks.”

Thus we have an environment where the NSA has discovered or created backdoors to the data of many large businesses and institutions. The mere existence of this program tells foreign and domestic hackers it might be easy for them to make their own assaults on private businesses.

Where will protection come from, then? The government? I doubt it. A partial answer is suggested by Bruce Schneier: Encrypt everything!

 

[Originally published at the Washington Examiner]

James L. Johnston

Jim Johnston is The Heartland Institute's senior fellow for energy and regulatory policy and a... (read full bio)