There were a number of interesting exchanges in the Senate Armed Services Committee on cybersecurity hearing today, which I’ll return to in a bit. But for the moment I wanted to point to this bizarre exchange featuring Bill Nelson.
Nelson: Admiral, I’m concerned about all of these private telecoms that are going to encrypt. If you have encryption of everything, how, in your opinion, does that affect Section 702 and 215 collection programs?
Rogers: It certainly makes it more difficult.
Nelson: Does the Administration have a policy position on this?
Rogers: No. I think we’re still — I mean, we’re the first to acknowledge this is an incredibly complicated issue, with a lot of very valid perspectives. And we’re still, I think, collectively trying to work through what’s the right way ahead, here, recognizing that there’s a lot of very valid perspectives but from the perspective as CyberCommand and NSA as I look at this issue, there’s a huge challenge here that we have got to deal with.
Nelson: A huge challenge? And I have a policy position. And that is that the telecoms better cooperate with the United States government or else … it just magnifies the ability for the bad guys to utilize the Internet to achieve their purposes.
Bill Nelson is apparently very upset by the increasing use of encryption, but seems to believe Apple — which is at the center of these discussions — is a telecom. I’m happy to consider Apple a “phone company,” given that iMessage messages would go through the Internet and Apple rather than cell providers, and I think the IC increasingly thinks of Apple as a phone company. But it’s not a telecom, which is a different legal category.
He also believes that Apple’s encryption would hurt NSA’s Section 215 collection program. And NSA Director Mike Rogers appears to agree!
It shouldn’t. While Apple’s use of encryption will make it harder to get iMessage content, the metadata should still be available. So I’m rather curious why it is that Rogers agreed with Nelson?
In any case, Nelson doesn’t seem very interested in why Rogers immediately noted how complicated this question is — this is, after all, a hearing on cybersecurity and we know the Administration admits that more widespread encryption actually helps cybersecurity (especially since sophisticated hackers will be able to use other available encryption methods).
But I am intrigued that Rogers didn’t correct Nelson’s assertion that encryption would hurt the Section 215 program.
Update: This, from Apple’s transparency report, is one more reason Rogers’ agreement that encryption creates problems for the Section 215 program is so curious.
To date, Apple has not received any orders for bulk data.