NSA director Admiral Michael Rogers has said that encryption is “foundational to the future” — and privacy shouldn’t be sacrificed for security.
The statement is quite a contrast to the government’s usual pro-backdoor rhetoric, which has called for some kind of access into encrypted communications and has subsequently faced fierce opposition from civil liberties groups and tech companies.
“Concerns about privacy have never been higher,” said Rogers in a speech Thursday to the Atlantic Council in Washington D.C. on the balance between privacy and security. He added that officials should be “trying to get all those things right, to realize that it isn’t about one or the other.”
Rogers went so far as to say that arguing against encryption is a “waste of time” and added that large scale attacks on the government, like last year’s OPM breach, will only happen again if the government doesn’t act fast.
He stated that there has to be a balance found between preserving privacy and maintaining national security, such as monitoring terrorist threats. Just how exactly that can be accomplished is not clear and remains the bone of contention in the ongoing encryption debate.
Rogers’ remarks are the other side of the black and white cookie from those of FBI director James Comey, who has repeatedly called for backdoors into encryption technology for law enforcement. In the wake of his frequent comments on the matter, organizations like the Electronic Freedom Foundation (EFF) have decried the idea that encryption can be broken and access allowed for law enforcement.
Rogers’ comments this week may come as a surprise considering he is the director of the NSA, but he is not the first official to make remarks against weakening encryption. Michael Hayden, a former director of the agency, said last month that building encryption backdoors is a “weak security position” for the government to take.
Nevertheless, government representatives continue to table anti-encryption laws, most notably Senator Diane Feinstein’s proposal that would make it mandatory for companies to decrypt data if a court order is in place.