Editorial: The NSA remains uninterested in our safety by calling for encryption weakening
The National Security Agency's general counsel, Glenn S. Gerstell, has written an editorial in which he does not once mention the term "encryption backdoor" by name. And yet, that's what it's all about, again.
The short version of this missive by Gerstell is that the NSA wants us, the public, to be on their side the next time they order Apple and others to open up backdoors into their software. Or if it can't pull off public support, the NSA at least wants us to not object when it implements draconian measures against these companies.
The 6,000-word high school term paper on security, published in the New York Times on Tuesday follows recent reports of intelligence agencies finding Apple's security stance becoming more intractable. But, it also follows incidents of the NSA collecting metadata without authorization.
It is ostensibly written for "we, the people," but it is really aimed at technology firms. It is aimed at sending them a very clear message, but it takes about 4,500 words to start delivering that payload with any coherency.
"The challenge for those [national security] agencies will be to find the right approach to working with the private sector to obtain the data needed to fulfill their vital missions in a manner that fits our values and cultures," writes Gerstell. "Of course, there is another path, and it is the one taken by authoritarian regimes around the world. China's approach is to have all that data reside in the central government, in a vast databank of personally identifying information about its citizens, from iris and facial recognition to DNA data."
The very next sentence is "That is antithetical to our values." The NSA here is positioning themselves as the good guys. They want this in your mind, if you're a tech firm who's thinking of resisting them.
This is written as a general advisory to everyone, yet it's anything but general. Alongside the thousands of words that you could just search-and-replace with "backdoor," there's also the NSA's attitude to how Europe is protecting citizens' privacy.
"[Consider] the integrated cybercenters in Britain and the level of government involvement in private sector data usage under the European Union's General Data Protection Regulation," he continues. "Would the American business community accept that model, and would our national politics permit its adoption?"
GDPR has been a royal pain for European companies who've had to decimate their mailing lists and institute strong procedures about how they collect this data, but it's been worth it for both them and their customers. It just presumably isn't worth it for the NSA.
To lead the editorial, Gerstell reminisces about days of yore, and talks about how governments developed the technology to spot early warnings of an incoming attack. Back in those heady cold war days, the NSA was on this front line, developing technologies and methods to see these imminent attacks from a foreign power.
Missing the forest for the trees
Arms races began, and still rage today. Global Power X develops a new technology, so Power Y needs to find a counter to it — and this is how it has always been.
Planes got stealthier, so radar advanced. Submarines got quieter, so sonar and other detection methods improved through research. Missiles got harder to shoot down, bunkers got more protected, and electronic warfare abilities increased — and there have been corresponding technological counter-measures along the way.
Tech firms work to make us safer and Apple, at least, wants us to maintain privacy. This benefits us, this is of great advantage to "we, the people." It does make the job of the agency responsible for one aspect of our safety harder, and until now, apparently, they've always been up to the challenge of developing countermeasures to find and deal with the bad guys.
The NSA apparently feels like they don't have to do this anymore, if Gerstell's opinion matches the entire agency's. They'd rather us all be less safe day-to-day instead of developing their own technologies to combat the sophisticated adversaries that they hunt down the way that assorted agencies and divines of the armed forces have always done.
Literally, the NSA's mandate is to develop these countermeasures.
The NSA's fight isn't the only one
It isn't just the NSA that has threats that they have to deal with. Every day, our information is being probed, our firewalls are being scouted for holes, and the stakes aren't just our personal data, but our finances as well. If we aren't careful with passwords, or our own information security, we all stand to lose every penny that we have from that adversary.
What the NSA wants is their job easier, at the expense of our safety and security. Whataboutism and fear-mongering talking about China's policies doesn't help, and isn't particularly relevant. Calls for citizens to not seek a privacy-regulating GDPR-like regulation in the US sure will help the NSA, but won't do one single thing for the rest of us.
The entirety of this belabored missive from the NSA lawyer comes down to the NSA wanting everyone else to do things because they apparently can't be bothered to up their game. For nearly 70 years, the NSA has been charged with protecting the US. It shouldn't stop now, and it shouldn't expect everyone else to do its work.
The NSA doesn't want to lose the digital revolution, the editorial says. That's not really up to us, and we the people shouldn't be asked to accept less personal safety to make its job easier, nor should we be blamed for its failures.