PINDROP BLOG

‘The Horse is Out of the Barn’ on Government Control of Encryption

Controlling the development and deployment of strong encryption may have once been a possibility for intelligence and law enforcement agencies, but those days have passed and will not return, current and former U.S. intelligence officials said Tuesday.

The current version of the encryption debate has much to do with the desire of law enforcement agencies and intelligence organizations to have access to encrypted communications and devices. This once was a fairly contained problem, but the rapid deployment of mobile devices that are encrypted by default and encrypted communications channels has made it a much more difficult and complex issue. While there are legitimate reasons for law enforcement to need access to an encrypted device, security experts and cryptographers maintain that intentionally weakening the encryption tools and protocols for this purpose makes them less secure for everyone, not just the targets of a given investigation.

The renewed argument over these points is colored to a large degree by what’s come before, especially the attempts in the 1990s by the U.S. government to add backdoors to encryption schemes and implement key escrow through things such as the Clipper Chip. That effort generated a lot of hard feelings in the security community, something that it is making the current conversation even more contentious.

“The horse is way out of the barn. It’s in the field.”

“The scar tissue from the 1990s makes it hard today to align these interests. We’ve spent a lot of time looking over our shoulders about what we did in the Nineties, a la the Clipper Chip, and too little time looking forward, Chris Inglis, former deputy director of the NSA and a visiting professor at the United States Naval Academy, said during a panel discussion at the CIA’s Conference on the Ethos and Profession of Intelligence Tuesday.

“If we allow this to be deferred to market forces then diverse markets will have a variety of responses. How do we achieve the and property as opposed to the or property? The horse is out of the barn if you say you absolutely want to control it.”

Chris Darby, the president and CEO of In-Q-Tel, the investment arm of the CIA, agreed that the time when the U.S. government, or any other, could hold back the tide of strong encryption use.

“The horse is way out of the barn. It’s in the field,” Darby said.

But that certainly doesn’t mean the conversation on this subject has ended. The exposure of large-scale surveillance programs run by the American, British, and other governments since the Snowden revelations has only increased the development and adoption of encrypted apps and devices. And that likely will only continue. However, many of these apps have serious implementation and crypto flaws, something that can make life easier for intelligence services.

“If you’re going to try to roll your own crypto, I would tell you the people at the NSA would say, game on. Good luck with that,” Inglis said.

Webinar: Call Center Fraud Vectors & Fraudsters Defeated