The NSA and Encryption

Paul Rosenzweig
Friday, September 6, 2013, 9:37 AM

Published by The Lawfare Institute in Cooperation With Brookings

By now, many readers will have seen this report from the New York Times on the capabilities of the NSA to crack encryption systems used in cyberspace.  I'm not surprised.  That, after all, is the task we've given the NSA, and they are quite evidently very good at it.  It seems evident, however, even allowing for confusion in the reporting, that those capabilities are somewhat misunderstood -- the NSA is still not able to crack directly some of the most robust cryptography.  Rather, their success appears to be in finding ways to circumvent the cryptography -- by accessing information on a computer before it is encrypted; by introducing flaws into cryptographic standards to exploit; or, in some cases apparently, by working with cloud service providers to ensure access to cloud-provider-generated cryptographic keys.  All of which put me in mind of this XKCD cartoon (H/T: Jeff Gould):

[Cartoon: "Encryption in the Real World"]

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.
