The deputy director of the United States’ National Security Agency (NSA) during the Edward Snowden leaks has backed the Australian government’s push to force tech giants to assist in revealing the content of some encrypted messages, saying the likes of Facebook and Apple could do more to help track terrorists and criminals.
Speaking to The Australian Financial Review ahead of a trip to Australia this week, Chris Inglis, who was the NSA’s highest-ranking civilian from 2006 to 2014 says the government’s plan to enact law enforcement powers to crack open encryption by the end of the year is an appropriate attempt to strike a balance between protecting privacy and protecting citizens from terrorism.
He says the government’s plan will not require the providers of apps such as WhatsApp, Wickr, Telegram Messenger and iMessage to create new so-called back doors into devices and apps, but will simply involve them doing more to open up their systems on request.
“When citizens look to their government they expect them to protect their privacy and also to keep them safe, this is not an either/or proposition. When I hear your Prime Minister and your Attorney-General speaking about this, I don’t see them favouring one of these over the other,” Inglis says.
“There has been scaremonger comments on these topics, but I haven’t heard your government asking for new back doors, they are merely saying that, if there is a capability already there, they would like to use it under the rule of law, which has always been a legitimate government pursuit.”
Tech giants such as Facebook and Apple have already asserted they provide as much assistance as they can to law enforcement agencies, both in Australia and globally, and say they are powerless to break the encryption on individual messages.
Prime Minister Malcolm Turnbull raised eyebrows around the world with a comment suggesting the laws of Australia trump the laws of mathematics, which led to Edward Snowden tweeting that such remarks create a “civilizational risk”.
Apple chief executive Tim Cook previously wrote an open letter to customers last year after the company refused to build a system to help the FBI unlock the iPhone of a San Bernardino terrorism culprit who jointly killed 14 people.
He said the US government’s request to break encryption would require its engineers to weaken the devices for everyone else around the world.
“The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe,” Cook wrote.
In July, special adviser to the Prime Minister on cyber security Alastair MacGibbon said he couldn’t understand why these companies “viscerally rail against helping protect their customers”, and Inglis says he believes that the likes of Apple are balancing their commercial concerns in markets in all corners of the globe against the option of being as open as possible with different governments.
“Many of these systems already have what I would describe as an appropriate, well-known back door, whether it’s a patching mechanism, or it’s a software update mechanism those are back doors,” he says.
“Most users have every confidence in the world that those work very appropriately and that only the vendor who services their software is able to replace the software, update the software and change the function of that phone in every way, shape, or form.”
Other experts, such as Firstwave Cloud Technology’s Simon Ryan have also suggested that it is entirely possible, at least for Facebook, to reveal the contents of private messages.
Inglis is heading to Australia in his role as chair of the strategic advisory board of US-based behaviour analytics cyber security firm Securonix, which is poised to officially open its operations Down Under this week.
His time in office at the NSA ended a year after its former IT contractor Edward Snowden plunged it into crisis by leaking thousands of documents that laid bare the methods and extent of the agency’s surveillance programs.
Securonix provides technology, which it says detects malicious behaviour within an organisation or network in real-time, and would theoretically stop the kind of exfiltration of private data accomplished by Snowden.
While saying that he still sits more closely to the black-and-white view that Snowden committed an act of betrayal, Inglis says he now has some empathy with Snowden’s purported intention to expose what he believed to be egregious behaviour by the government.
However, he says Snowden’s credentials as a principled whistleblower are called into doubt by the fact that he did nothing to raise concerns in less harmful ways prior to leaking information.
“I would feel more sympathetic about him in 2013 if he had exercised one iota of having raised a hand, lodged a concern, kind of thrown a brick through somebody’s window with an anonymous note to us, but he did none of those things,” Inglis says.
“With allegations like these, you an obligation to actually be factually correct in what you allege is going on, and he was not I think that if you believe in your cause, you should be willing to stand and speak about that in the presence of your peers, and here he is in Moscow, so none of that speaks well of either of his motivation and certainly not of his means.”
Inglis was portrayed in the 2016 Oliver Stone movie Snowden, which followed events leading up to the leak, and which he says provided an “egregious misappropriation of the facts” regarding the attitudes at the NSA and of Snowden’s importance within it.
In the movie a character in Inglis’ role is seen sending Snowden off to head a mission in Hawaii to solve a problem related to China, yet Inglis says the two never met in person, and Snowden was too far removed from the action to be remotely considered for such work.
“I have to imagine that the reason it was portrayed that way was not to make it more interesting, but rather to impress upon the audience that Edward Snowden was somebody that travelled in circles where he would have direct knowledge of the strategies, the means and the conspiracies that are practised by an NSA, and of course he was nowhere near in those places,” he says.
“He was an important enough worker that he was hired to do what he did, but he was working at the edge, and many of the things that he saw, he didn’t fully understand the context of, and he therefore misdescribed.”
Inglis says the sense of shock that permeated the NSA following the leaks had passed by the time he left the agency. He says that he and others within the NSA were comfortable that they were doing the right thing, with noble intentions, and believed they made the scandal worse by mismanaging their external communications before Snowden leaked.
He says the agency should have explained why it had surveillance plans in place and proactively addressed concerns about a lack of controls and restraint.
“If I could go back in time I would address the fact that the government and NSA were not transparent enough the noble purpose and controls were not as well understood as what Snowden was talking about, which was capability, and a capability that you might enjoy never tells the whole story,” Inglis says.
“Most of his allegations were taken as revelations and they were not. His allegations were just that. They were facetious and vilified us.”
Moving into the present, Inglis says he understands people outside the US viewing its present administration with a sense of worry. However, he believes that the checks and balances in place would not allow an unpredictable president to become a national security risk.
The Trump presidency has been dogged by suggestions that his team has been too close to Moscow since the election campaign, but Inglis says there are enough protections in place that would prevent the President from exceeding his remit.
“If I was still at the NSA, I would have to appreciate the President has a role, and that role within the United States system is that he is not the sole and ultimate authority on how the nation proceeds,” he says.
“You have to actually let this play out, because it’s still true that the conflict of ideas is one of our best ideas. I’m confident at the end of the day that our system is going to work its way through what looks like some pretty chaotic controversies at a distance, and frankly, most days, close in, feels that way as well.
“There is a genuine battle of ideas taking place as to what is the proper role of government, and the views are extreme. It looks a bit worrisome, both close in and at a distance, but the system has lived through periods where it was equally chaotic before and we worked our way through it. If you believe in the foundations of this particular form of government, as I do, you have to believe that we’ll figure it out, that we’ll work our way through.”
- How to Protect Data at Rest with Amazon EC2 Instance Store ... - December 9th, 2018
- Next Generation Encryption - blogs.cisco.com - December 4th, 2018
- 3 Different Data Encryption Methods - DataShield blog - November 22nd, 2018
- Security and encryption | Documentation | Turtl - November 18th, 2018
- Encryption | General Data Protection Regulation (GDPR) - November 16th, 2018
- Using Encryption and Authentication Correctly (for PHP ... - November 13th, 2018
- Encryption | SANS Security Awareness - November 9th, 2018
- Types of Encryption | Office of Information Technology - November 5th, 2018
- Use Your own Encryption Keys with S3s Server-Side ... - October 29th, 2018
- What is Tokenization vs Encryption - Benefits & Uses Cases ... - October 12th, 2018
- Device Encryption | it.ucsf.edu - October 12th, 2018
- 5 Common Encryption Algorithms and the Unbreakables of the Future - September 15th, 2018
- Top 5 best encryption software tools of 2018 | TechRadar - August 26th, 2018
- New EBS Encryption for Additional Data Protection | AWS ... - August 22nd, 2018
- Best Encryption Software 2018 - Encrypt Files on Windows PCs - August 20th, 2018
- Download BestCrypt Volume Encryption 3.78.05 / 4.01.09 Beta - July 26th, 2018
- End-to-end encryption - Wikipedia - July 24th, 2018
- Download Symantec Encryption Desktop 10.4.0 Build 1100 - July 15th, 2018
- HTTPS - Wikipedia - July 10th, 2018
- AES encryption - June 20th, 2018
- Encrypt email messages - Outlook - June 20th, 2018
- Download Sophos Free Encryption 126.96.36.199 - softpedia.com - June 19th, 2018
- Does Skype use encryption? | Skype Support - June 16th, 2018
- Encryption- Computer & Information Security - Information ... - May 25th, 2018
- Enable BitLocker on USB Flash Drives to Protect Data - May 25th, 2018
- Transparent Data Encryption (TDE) - msdn.microsoft.com - April 12th, 2018
- Encryption Software Market - Global Forecast to 2022 - March 24th, 2018
- What AES Encryption Is And How It's Used To Secure File Transfers - March 24th, 2018
- Encryption vs. Cryptography - What is the Difference? - March 24th, 2018
- Energy-efficient encryption for the internet of things | MIT News - February 16th, 2018
- The Best Encryption Software - TopTenReviews - February 16th, 2018
- File-Based Encryption | Android Open Source Project - February 7th, 2018
- Beyond Encryption | Secure Enterprise email using existing ... - February 1st, 2018
- Azure Search enterprise security: Data encryption and user ... - January 26th, 2018
- Skype finally getting end-to-end encryption | Ars Technica - January 13th, 2018
- FBI chief says phone encryption is a 'major public safety issue' - January 13th, 2018
- Encryption and Export Administration Regulations (EAR) - December 27th, 2017
- Key (cryptography) - Wikipedia - December 21st, 2017
- security - Fundamental difference between Hashing and ... - December 15th, 2017
- What Is Encryption? | Surveillance Self-Defense - December 4th, 2017
- Comodo Disk Encryption Download - softpedia.com - December 1st, 2017
- Encryption - Simple English Wikipedia, the free encyclopedia - November 24th, 2017
- BitLocker Drive Encryption Overview - technet.microsoft.com - November 23rd, 2017
- The Encrypting File System - technet.microsoft.com - November 18th, 2017
- FBI cant break the encryption on Texas shooters smartphone - November 13th, 2017
- DOJ: Strong encryption that we dont have access to is ... - November 13th, 2017
- DOJ Fires Up New War With Apple Over Encryption - November 12th, 2017
- Security Awareness - Encryption | Office of Information ... - October 15th, 2017
- Data Encryption and Decryption (Windows) - October 14th, 2017
- Trumps DOJ tries to rebrand weakened encryption as responsible ... - October 11th, 2017
- How to encrypt (almost) anything | PCWorld - September 22nd, 2017
- Private Internet Access | VPN Encryption - September 21st, 2017
- Encryption Substitutes | Privacy | Encryption - September 21st, 2017
- Data Encryption: Hardware & Software Security: Online ... - September 21st, 2017
- How To Enable BitLocker Drive Encryption In Windows 10? - September 21st, 2017
- PGP Encryption Tool - iGolder - September 21st, 2017
- encryption - How to encrypt String in Java - Stack Overflow - September 21st, 2017
- Encryption Software Market, Size, Trends and Forecast 2020 - September 21st, 2017
- Encryption Definition - Tech Terms - September 20th, 2017
- Why You Should Be Encrypting Your Devices and How to Easily Do It - Gizmodo - September 6th, 2017
- Black Hats, White Hats, and Hard Hats The Need for Encryption in Mining and Resources - Australian Mining - September 6th, 2017
- How can enterprises secure encrypted traffic from cloud applications? - TechTarget - September 6th, 2017
- Encryption Explained - Arizona Daily Wildcat - September 6th, 2017
- News in brief: Call to link encryption to ID; Facebook maps everyone ... - Naked Security - September 2nd, 2017
- 'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption - The Register - September 2nd, 2017
- High-Dimensional Quantum Encryption Performed in Real-World ... - Futurism - September 2nd, 2017
- It's Time to Replace Your Encryption-Key Spreadsheet - Data Center Knowledge - September 2nd, 2017
- Legislation to limit smartphone encryption 'may be necessary,' deputy AG Rosenstein says - Washington Times - August 31st, 2017
- Cloud Encryption Market by Component, Service Model, Organization Size, Vertical And Region - Global Forecast to ... - Markets Insider - August 31st, 2017
- Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings - Hashed Out by The SSL Store (registration) (blog) - August 31st, 2017
- Encryption in Office 365 - Office 365 - August 29th, 2017
- Need-to-Know Only: Use Encryption to Make Data Meaningless to ... - Security Intelligence (blog) - August 29th, 2017
- Four strategies to prevent data encryption from hijacking your network - Digital News Asia - August 29th, 2017
- Amber Rudd is wrong - real people do want end-to-end encryption - ITProPortal - August 29th, 2017
- Why encryption is for everyone - IFEX - August 29th, 2017
- 4D quantum encryption successful in first real-world test - New Atlas - New Atlas - August 29th, 2017
- For the First Time Ever, Quantum Communication is Demonstrated in Real-World City Conditions - Futurism - August 26th, 2017
- High-Dimensional Quantum Encryption Takes Place in Real-World ... - Photonics.com - August 26th, 2017
- Hedvig Bakes Encryption into Software-Defined Storage Platform - IT Business Edge (blog) - August 26th, 2017
- Hedvig storage upgrade adds flash tier, encryption options - TechTarget - August 26th, 2017