I thought the national threat assessments presented by DNI Clapper and DIA Director LtGen Stewart along with the release of the FY17 defense budget would offer plenty to engage you with in February, but the more I examined them the less interesting I found them to be. The biggest news in the Obama Administration’s last defense budget is that it remains essentially flat while laying down markers for transitioning to the as yet to be defined “Third Offset” which will increase military power through the smart use of technology to enhance human capabilities in the battle space. The intelligence threat assessments presented to the House and Senate Armed Services Committees were, to be kind, a laundry list of twenty plus threats that seemed more aimed at justifying why the defense and intel budgets for FY 17 should not be cut than providing the national leadership with informed insights about the most dangerous threats confronting our country. It seems the media and the presidential campaigns reacted the same way I did given the amount of attention they have shown these threat assessments and what would be the next President’s inherited defense budget.
Far more interesting to me in February were the three national security stories that continue to be slowed rolled. During LtGen Stewart’s threat assessment testimony, HPSCI Chairman Devin Nunes expressed his growing impatience with the slow pace of the DoD IG’s investigation into the now six month old charges that CENTCOM intelligence assessments were being altered by seniors in the chain of command so the White House could claim progress against ISIS. Similarly the Chairman of the Senate Armed Services Committee Senator McCain expressed public anger with the Navy and DoD for not providing his committee with more details regarding the capture and release of two USN riverine patrol boats off of Farsi Island in the Persian Gulf by Iranian Revolutionary Guard forces. Unless DoD and/or the Navy becomes more responsive, Senator McCain says he is ready to subpoena the eleven USN sailors involved in this bizarre capture and release incident. Then there is former Secretary of State Hillary Clinton’s email saga, which the Justice Department keeps signaling that it does not intend to deal with until after the election in November.
Certainly the most controversial national security topic of 2016 so far is the debate about whether Apple can refuse to comply with the FBI’s warrant that the company provide a decryption code for unlocking the iPhone of San Bernardino Terrorist Syed Rizwan Farook. The FBI says it needs Apple’s assistance to unlock Farook’s phone so it can determine who else might have been involved in the December 2nd shooting that left 14 dead and 22 seriously injured. Apple is refusing on the basis that by assisting the FBI it will make its customers’ data less secure to both domestic and foreign intrusions in the future. There is also the interesting legal wrinkle that the FBI is not asking Apple for an existing decrypt code but that the company develop one for unlocking Farook’s iPhone. The larger issue at play here, of course, is the commercial IT industry’s ability to make available in the market place end-to-end encryption that could put information beyond the reach of the government even with a warrant for legitimate criminal and national security investigations and would effectively create “evidence free zones” for those meaning to do harm to American citizens and interests.
As would be expected, the law enforcement and intelligence community support the FBI’s position as essential to protecting Americans from both terrorists and criminal enterprises that could be domestic or foreign in origin. Conversely, civil libertarians and the tech Industry side with Apple in terms of protecting American citizens from the U.S. Government, foreign governments, terrorists, criminals, and corporations from accessing private information for their own purposes.
Two developments have surprised me though as this fascinating and important legal debate has unfolded.
The first is Secretary of Defense Ash Carter telling the RSA Conference in San Francisco during the first week of March that he favors strong encryption without backdoors. “Data security — including encryption — is absolutely essential for us,” he said. “None of our stuff works unless it’s connected … So we’re four-square behind strong data security and strong encryption.” NSA Director Admiral Mike Rogers in his remarks earlier in the week at this same RSA Conference avoided directed comment on the FBI/Apple debate but said in concluding his presentation that one of the things that gives him the greatest concern is cyber operatives expanding from denial of service and theft of information to the manipulation of data such that we lose confidence in the data the digital enterprise is delivering to us. While comments he has made in different venues suggest Admiral Rogers sees a strong need for government access to commercial encryption for national security reasons, his concerns about data manipulation also indicate he understands the importance of data protection for these same national security concerns.
The second surprise is the Chertoff Group White Paper “The Ground Truth about Encryption and the Consequences of Extraordinary Access” (http://chertoffgroup.com/cms-assets/documents/237983-373343.the-chertoff-groupthe-ground-truth-abo). The conclusion this paper comes to is that “an extraordinary access requirement is likely to have a negative impact on technological development, the United States’ international standing, and the competitiveness of the U.S. economy and will have adverse long-term effects on the security, privacy, and civil liberties of citizens.” The surprise is not in the arguments this paper makes for unbreakable commercial encryption, but that it is coming from a group founded and lead by Michael Chertoff who served as President George W. Bush’s Department of Homeland Security Secretary from 2005 to 2009.
This clash of competing rights between the government’s legitimate needs to have access to information essential for ensuring the security/safety of Americans and the needs of American’s to protect access to their information from intrusion and misuse when the federal government can’t or won’t is the grist for a landmark Supreme Court decision. I am not smart enough to know whether we are safer with the government being able to obtain citizens’ digital information with a warrant or if we are more secure if encrypted data is protected from all seeking access to it. What I am confident about is that our judicial and legislative processes will arrive at a conclusion for this access to encrypted data conundrum (perhaps with assists from the tech and policy communities) that will be widely accepted because we will all understand how and why it was arrived at thanks to our Constitution.
That’s what I think; what do you think?