Brennan warns on encryption
In public testimony, CIA Director John Brennan cautioned lawmakers on how terrorists and other malefactors are taking advantage of commercial encryption tools.
Optional caption goes here. Optional caption goes here. Optional caption goes here. Optional caption goes here.
In the wake of the mass murder with terrorist links in an Orlando nightclub in which 49 Americans were killed, CIA Director John Brennan renewed his call for finding a way for law enforcement and others to access encrypted communications. In so doing he offered a tacit endorsement of a bipartisan plan to establish a congressional encryption commission made up of experts, tech leaders and law enforcement to offer legislative recommendations.
"I strongly support encryption as a capability that protects our way of life, our prosperity, our national security," Brennan said. "A the same time…we need to have the opportunity to deal with this new environment of the digital domain so that government can appropriately safeguard the interests of citizens."
Such an effort, Brennan said, "requires the experts to be able to get together, the legal, the technical, the practitioners, to find some way that is not going to be perceived as a backdoor, but is going to allow the government to legitimately carry out its responsibilities while not compromising the great benefits that accrue to encryption."
Brennan offered his views in a rare open session of the Senate Select Committee on Intelligence on June 16.
Some on the panel worried that building law enforcement backdoors or other workarounds to strong encryption could damage U.S. interests and lead to terrorists and other malefactors seeking encrypted apps designed and supported by non-U.S. developers.
Sen. Mark Warner (D-Va.), a sponsor of legislation backing an encryption commission, worried about government pursuing "a solution set that would simply push the bad guys onto foreign-based hardware and software."
Brennan dismissed this argument, testifying that, "U.S. companies dominate the international market as far as encryptions technologies…and I think that we will continue to do so," and characterized the foreign development of such applications as "theoretical."
Subsequent to the hearing, committee member and privacy advocate Sen. Ron Wyden (D-Ore.) disputed Brennan's characterization in a statement that noted, "Strong encryption technologies are available from foreign sources today -- half of them of them are inexpensive and the other half are free."
Exporting info sharing
Brennan also touted work being done to extend information sharing to European partners. He said that it was often a challenge for European countries that have historical rivalries and aren't used to sharing with each other. Even within individual countries, he said, there may be several intelligence and security services that lack "interconnectivity from a mission or from an IT perspective."
Brennan said there are "some mechanisms that we can use to better facilitate info sharing among them," to make data operational to border patrols and police. The CIA shares with a Counterterrorism Group of 30 nations – the 28 European Union nations plus Norway and Switzerland.
While he said there was progress on this front, the CTG countries "have a ways to go." Brennan said that "it's not just a technical or IT solution – it is also an issue of how they are going to protect the privacy of their individual citizens as they share information: what is the threshold of putting an individual name and biographic data into a database, putting them on a watch list."
Cyber "blinking red"
Sen. James Lankford (R-Okla.) asked Brennan how he would brief the next president before he or she assumes office, with an eye to eliciting threats that are "blinking red" and must be addressed.
Brennan's reply included terrorism, nuclear proliferation and regional instability, but the very first item on his list was cybersecurity.
He said an incoming president "needs to use all four [or] eight years to tackle this issue, because it is going to take time to come up with the types of standards that are necessary."
Separately Brennan said he saw "some effort" by the Chinese government to follow through on political commitments made not to sponsor or direct the use of cyberattacks to steal intellectual property for commercial gain. However, Brennan said, there are many different governmental, quasi-governmental, and freelance operators in China with different agendas and rules of the road.
"I continue to be concerned about the cyber capabilities that reside within China, as well as the actions that some continue to undertake," Brennan said.