CIA chief denies encryption backdoor effect on U.S. business

The director of the CIA denied that a government-mandated encryption backdoor would have an effect on U.S. business, but experts said the statement ignores the global market.

Experts are confounded by the latest comments from the head of the CIA on the potential effects of a proposed encryption backdoor on U.S. business. In a Senate committee hearing, CIA Director John Brennan said no one should worry about encryption backdoors hurting American companies.

During the congressional hearing on Thursday, Sen. Ron Wyden (D-Ore.) questioned the CIA's support for weakening cryptography by mandating encryption backdoors, and Brennan said the CIA needed access to encrypted communication in order to track terrorists.

"U.S. companies dominate the international market as far as encryption technologies that are available through these various apps, and I think we will continue to dominate them," Brennan testified. "So, although you are right that there's the theoretical ability of foreign companies to have those encryption capabilities available to others, I do believe that this country and its private sector are integral to addressing these issues."

This comment seemed to surprise Wyden and security experts, who said the ability of foreign companies to provide encryption in products is far from theoretical.

"It is clearly inaccurate to say that foreign encryption is a 'theoretical' capability," Wyden wrote in a public statement. "Strong encryption technologies are available from foreign sources today -- half of them are inexpensive, and the other half are free. U.S. tech companies dominate this field today, but they are competing in a global marketplace. These products are used by consumers and businesses every single day to protect everything from bank records and business transactions to personal communications and other sensitive data."

Rebecca Herold, CEO of Privacy Professor, told SearchSecurity she has seen the effects firsthand, as potential clients in Europe put deals on hold because they were worried about the government mandating encryption backdoors.

"I anticipate that there are hundreds, or thousands, of other U.S. businesses similarly stymied in making business deals because of government pressure to have us use weak encryption. Likely costing millions of dollars for our economy," Herold wrote in an email. "The government needs to realize that in their quest to collect all data possible by mandating weak encryption (backdoors [equals] weakness), they are damaging U.S. businesses that depend upon encryption in order to have international clients. So, they are damaging our U.S. economy and will get no additional data, because everyone who wants to choose strong encryption will get it from other countries -- helping other countries' economies instead of ours and providing no improvement to homeland security."

Elad Yoran, executive chairman of KoolSpan Inc., based in Bethesda, Md., wanted Brennan to stop using generalities when talking about U.S. businesses.

"I challenge Director Brennan to identify companies and government organizations by name that would be willing to use encryption with backdoors to protect their confidential communications and intellectual property," Yoran said. "My guess is that not a single company or government organization will go on the record saying that backdoored encryption is good enough for them. Businesses and government organizations will still need to protect themselves, and if they cannot get what they need from U.S. cybersecurity companies, then they'll source their protection elsewhere."

Wyden also noted that Brennan's stance on the security afforded by encryption backdoors was misguided.

"Requiring American companies to deliberately build backdoors into their products would not stop terrorists from using strong encryption, and it would undermine American competitiveness and Americans' digital security at a time when the threat from foreign hackers and cyberattacks has never been greater," Wyden wrote.

Herold said she was "completely flabbergasted" when she heard Brennan's quote.

"If he was trying to dismiss the availability of obtaining encryption from outside of the U.S., then he must not realize that, with a quick online search, anyone can find strong encryption products from other countries," Herold said. "The government needs to realize that U.S. tech firms are successful through hard work, strong security products and innovation -- things that all other industrialized countries are also doing to compete with us. Without strong encryption, our tech businesses and sectors that depend upon strong encryption, such as financial and healthcare, etc., will have massive amounts of personal data, as well as intellectual property, put at risk."

Herold said the debate "feels like we are once again on the government's 1990s Clipper chip highway, only with even more to lose, with no safety to gain."

"Why can't our government learn from past mistakes?" Herold asked. "Or, better yet, listen to tech experts who can tell them pursuing encryption backdoors for all U.S. businesses is an exercise in security futility that will only give government leaders, and the public who believes them, a false sense of increased security and safety."


What do you think about CIA Director Brennan's comment about encryption backdoors?

Backdoors on anything open it up to a skilled computer person. Think of it this way. I have access to Military Russian computers. I can send a message in Russian to any of its naval fleet using a code (that I have also broken) to fire a missile at another ship.

Maybe I take a Russian ICBM and see if it will hit Paris, London, or New York. Even if the warhead does not explode I have started a nuclear war.

Do not worry, I have a hard time cracking a walnut, let alone someone's code.

No one in his/her right mind would ever write into code a backdoor into anyone's business program. Selective key people have key passwords which are changed every so often.

No backdoors. If government agencies want to see what is in someone's computer, then go out and get a teenager to do it.

I think we are at war. I think there are actual enemies out there plotting to kill us. I think the attacks will only get deadlier with time unless we get our heads out of our data and do something. All your vaunted secrets will be far less valuable once terrorists target your company's CEO instead of anonymous people on the street.

@Secretary the argument is circular and endless. If you see a launch through your back door and could redirect that ICBM into the ocean (or right back to the source), would you still walk away...?

I truly understand and share your reticence, but that's not a solution. Given the variables - folks are actively plotting to kill us and the whole plan is on their cellphones - how would you propose we get that information...?

@Secretary - maybe in Hollywood movies like "Die Hard" firing a missile is a matter of computer codes, but not in the real navy, and certainly not in Russia. No one connects ships and arms to the Internet, and no one keeps them constantly primed.

But you do need to worry because of the US drone warfare program.

I knew a girl a long time ago that went to a college and got a degree. Except she only took one course, paid for it, but as her record shows she took all the courses needed for her degree. She found a back door in the college computers. She also made a few bucks by upgrading other students' grades.

I would believe that she is not the only one who looks for that backdoor in college.

Oh pshaw. Business has shown that its exclusive concern is business. Not customers, not the rest of the world, not reality, just business profits. And with that Big Business has given up its right to complain. We all know what Big Business is really concerned about. Yet outside of the boardroom, there's a real war being waged, with real weapons and real villains. It's time to fight that enemy with every tool at hand, not to keep fretting that it might impact the bottom line. We might be in far better shape if business would join the fight instead of fighting it....

The last thing a Nuclear Power plant wants in their computer system is a back door. Think about it. One kid with time on their hands enters the Nuclear Power plant computer and with a few keys empties the D2 tanks into the local river. Even better, putting government officials on the no-fly list because some kid is having fun. The US government has the hardest time keeping people out of their control computers. Business should not have to worry about the same people snooping into their computers.