The prize: your backdoor – specifically, “backdoor” access to the encrypted data of tech firms’ customers, which the intelligence community claims will help them track criminals, while tech companies say it will only compromise public privacy.
Below are the highlights of the tense exchange between Rogers and Stamos, as reported by Just Security:
Alex Stamos (AS): No, I think … all of the best public cryptographers in the world would agree that you can’t really build backdoors in crypto. That it’s like drilling a hole in the windshield.
Mike Rogers (MR): I’ve got a lot of world-class cryptographers at the National Security Agency.
AS: I’ve talked to some of those folks and some of them agree too, but …
MR: Oh, we agree that we don’t accept each others’ premise. [laughing]
AS: We’ll agree to disagree on that. So, if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so … for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?
MR: So, I’m not gonna … I mean, the way you framed the question isn’t designed to elicit a response.
AS: Well, do you believe we should build backdoors for other countries?
MR: My position is – hey look, I think that we’re lying that this isn’t technically feasible. Now, it needs to be done within a framework. I’m the first to acknowledge that. You don’t want the FBI and you don’t want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn’t be for us. I just believe that this is achievable. We’ll have to work our way through it. And I’m the first to acknowledge there are international implications. I think we can work our way through this.
AS: So you do believe then, that we should build those for other countries if they pass laws?
MR: I think we can work our way through this.
AS: I’m sure the Chinese and Russians are going to have the same opinion.
MR: I said I think we can work through this.
AS: Okay, nice to meet you. Thanks.
MR: Thank you for asking the question. I mean, there are going to be some areas where we’re going to have different perspectives. That doesn’t bother me at all. One of the reasons why, quite frankly, I believe in doing things like this is that when I do that, I say, “Look, there are no restrictions on questions. You can ask me anything.” Because we have got to be willing as a nation to have a dialogue. This simplistic characterization of one-side-is-good and one-side-is-bad is a terrible place for us to be as a nation. We have got to come to grips with some really hard, fundamental questions. I’m watching risk and threat do this, while trust has done that. No matter what your view on the issue is, or issues, my only counter would be that that’s a terrible place for us to be as a country. We’ve got to figure out how we’re going to change that.
Moderator Jim Sciutto: For the less technologically knowledgeable, which would describe only me in this room today, just so we’re clear: You’re saying it’s your position that in encryption programs, there should be a backdoor to allow, within a legal framework approved by the Congress or some civilian body, the ability to go in a backdoor?
MR: So “backdoor” is not the context I would use. When I hear the phrase “backdoor,” I think, “Well, this is kind of shady. Why would you want to go in the backdoor? It would be very public.” Again, my view is: We can create a legal framework for how we do this. It isn’t something we have to hide, per se. You don’t want us unilaterally making that decision, but I think we can do this.
The conference, which took place Monday in Washington, DC, brought together the public and private sectors, military, media, academia, and government and non-governmental organizations for discussion panels and speeches on a wide range of cybersecurity issues.