[Cryptography] Brennan challenges non-US companies to provide strong encryption
hbaker1 at pipeline.com
Fri Jun 17 15:55:33 EDT 2016
Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate
No choice but to use American gear, grins spymaster
17 Jun 2016 at 00:36, Iain Thomson
CIA director John Brennan told US senators they shouldn't worry about mandatory encryption backdoors hurting American businesses.
And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use US-based technology because it's been forced to use weakened cryptography, they'll be out of luck because non-American solutions are simply "theoretical."
Thus, the choice is American-built-and-backdoored or nothing, apparently.
The spymaster made the remarks at a congressional hearing on Thursday after Senator Ron Wyden (D-OR) questioned the CIA's support for weakening cryptography to allow g-men to peek at people's private communications and data.
Brennan said this was needed to counter the ability of terrorists to coordinate their actions using encrypted communications. The director denied that forcing American companies to backdoor their security systems would cause any commercial problems.
"US companies dominate the international market as far as encryption technologies that are available through these various apps, and I think we will continue to dominate them," Brennan said.
"So although you are right that there's the theoretical ability of foreign companies to have those encryption capabilities available to others, I do believe that this country and its private sector are integral to addressing these issues."
We don't think the CIA man has been paying attention, to put it generously. A study in February found there are 865 encryption products in use around the world supplied by developers in 55 countries. About a third of these packages came from the US, with Germany, the UK and Canada the next biggest suppliers.
Nevertheless, Brennan is right that the bulk of commercial encryption products in use by enterprises are supplied by American firms. The word he missed is "now."
If US firms are mandated to install backdoors, sales of encryption products are going to change very quickly. Very few overseas companies are going to buy a broken encryption system that can be read by US intelligence, and a fair few US companies aren't going to be wild about doing so either.
"It is clearly inaccurate to say that foreign encryption is a 'theoretical' capability," said Senator Wyden.
"Requiring companies to build backdoors in their products to weaken strong encryption will put the personal safety of Americans at risk at a dangerous time and I want to make this clear I will fight such a policy with everything I have."
Interestingly, Brennan didn't mention legislation proposed by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) which would mandate backdoors. The proposed bill has little support and instead Brennan indicated he supported an alternative legislative push.
Instead, Brennan spoke supportively of a bill introduced by Senators Mark Warner (D-VA) and House Committee on Homeland Security Chairman Michael McCaul (R-TX) which would set up a congressional committee to explore the encryption issue.
Not that we should be worried about the CIA snooping, Brennan said. In the past three weeks, the CIA has appointed a privacy and civil liberties officer as a full member of senior staff. The person will review all CIA activities to ensure they are legal, Brennan said.
So that's all right then.
OK, Brennan's thrown down the gauntlet; all of you non-US vendors are invited to provide non-backdoored encryption for us.