General Michael Hayden, former director of both the Central Intelligence Agency and National Security Agency, came...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
out in favor of strong encryption and against the U.S. government's push for encryption backdoors.
Gen. Hayden, who is now a principal of the Chertoff Group, a global advisory firm focused on security and risk management, said, "America is more secure with end-to-end unbreakable encryption."
Gen. Hayden's comments came while speaking at The Wall Street Journal CIO Network Conference on Monday. He said there would always be other ways to obtain data, and the government shouldn't resort to weakening encryption. Hayden also noted the government's failed attempt at monitoring commercial communications with the proposed "Clipper chip" in the 1990s.
"We didn't get the Clipper chip, we didn't get the backdoor and we then began the greatest 15 years in the history of electronic surveillance," Hayden said.
Hayden attributed the success in electronic surveillance to the use of metadata. Experts have said metadata would still be available on encrypted communications and undermines the "going dark" argument made by current FBI Director James Comey.
Hayden had previously stated his support for strong encryption last year, but his comments this week mark the strongest and most detailed defense of encryption to date. In his statements this week, he went on to say that he has changed his view on the role of government in cyberdefense.
"In government, I had assumed that in cyber defense as in physical defense the main body was the government…I think I got that wrong," Hayden said. "I actually think in the cyber domain, [business] is the main body and what the government has to teach itself is that the government needs –in all but a few exceptional cases — to conform its movements to the movements of the main body."
"Cyberspace is the largest ungoverned space in human history," he said. "You're going to be responsible for your own safety [in cyberspace] in a way that you haven't had to since the closing of the American frontier in 1890."
However, it appears as though representatives in Congress will continue pursuing legislation to mandate weakened encryption so companies can comply with law enforcement and provide access to user data.
The general argument from lawmakers has been that if terrorists use encrypted communications methods, law enforcement would have no way to monitor that communication. Senator Richard Burr (R-NC) has been taking the lead on potential legislation in the Senate to mandate that companies comply with court orders, even if that means breaking encryption.
Rep. Michael McCaul (R-Texas), chair of the House Committee on Homeland Security has been working since last year on legislation to create an encryption commission that he said will "bring together the technology sector, privacy and civil liberties groups, academics, and the law enforcement community to find common ground," speaking last year in what he called the first annual State of the Homeland Security Defense Address.
McCaul told SearchSecurity: "Former Director Hayden has a great point - with encryption, it isn't a question of privacy versus security but rather security versus security. The same technology that is presenting challenges to law enforcement also keeps our personally and nationally sensitive information secure, and making policy changes without looking at the full picture could have dangerous consequences. That's why I've proposed a commission on digital security to bring together experts who get the complexity and the stakes to provide us with recommendations."
Senator Burr had no comment regarding his stance on encryption in light of Gen. Hayden's comments.
Read more about the origins of the "going dark" dark debate.
Dig Deeper on Disk Encryption and File Encryption
Michael Heller asks:
Which is more important to public safety: the ability to encrypt without backdoors, or giving access to all encrypted data to law enforcement and government agencies?
1 ResponseJoin the Discussion