Why does the NSA's boss care so much about backdoors when he can just steal all our encryption keys?
Let's get down to the real talk
NSA director Admiral Mike Rogers has said it is vital Uncle Sam's crimefighters snoop on people – and that this should be possible even if citizens use strong encryption.
The spymaster reckons Americans should secure their communications against all eavesdroppers – except, of course, those working for the police, FBI and the NSA (to counter terrorism or something). Experts warn any backdoors allowing this to happen will be exploited by criminals.
Rogers was nattering away at a cybersecurity conference organized by the New America Foundation think tank on Monday. Bruce Schneier, who literally wrote the book on cryptography and was present at the discussion, had to point out that insisting on backdoors in encryption – such as skeleton keys that can decrypt any message – will weaken Americans' security.
Schneier told The Register that Rogers' assertions were concerning.
During the meeting, Yahoo!'s chief security officer Alex Stamos wondered out loud whether, if his firm is forced to install government-mandated backdoors, the Russians and Chinese would have the right to make similar demands.
"I think that we’re lying [in saying that adding a backdoor] isn’t technically feasible. Now, it needs to be done within a framework. I’m the first to acknowledge that," Rogers said.
"I just believe that this is achievable. We’ll have to work our way through it. And I’m the first to acknowledge there are international implications. I think we can work our way through this."
Rogers quibbled with the term "backdoor," saying that it sounded "kind of shady." He insisted that the right legal framework could be put in place, outside of the FBI or NSA's control, to make the interception of communications possible.
He was also asked about last week's Snowden document dump that showed the NSA and Britain's GCHQ had hacked into the world's largest SIM card manufacturer to steal phone call encryption keys, and Kaspersky Lab's report on NSA malware hidden in hard drive firmware.
"Clearly I'm not going to get into the specifics of allegations. But the point I would make is, we fully comply with the law," he said, adding that he did not believe the security of the internet had been compromised by these operations.
The NSA's legal position is in doubt, however. Section 215 of the Patriot Act, which underpins much of the agency's spying, is up for renewal this year and is due to expire on May 31. Rogers said that it's up to legislators to renew those laws. ®
PS: The answer to the headline's question is perfect forward secrecy: as more communications software uses PFS to keep chatter encrypted even if keys are obtained by agents and miscreants, the Feds need other means to tap our chats.