During Monday's Cybersecurity for a New America conference in DC, Yahoo's Chief Information Security Officer Alex Stamos stood up and had an intense verbal showdown with NSA director Mike Rogers about the NSA's plan to ban working crypto, in which the nation's top spook fumfuhed and fumbled to explain how this idea isn't totally insane.
Alex Stamos (AS): "Thank you, Admiral. My name is Alex Stamos, I'm the CISO for Yahoo!. … So it sounds like you agree with Director Comey that we should be building defects into the encryption in our products so that the US government can decrypt…
Mike Rogers (MR): That would be your characterization. [laughing]
AS: No, I think Bruce Schneier and Ed Felton and all of the best public cryptographers in the world would agree that you can't really build backdoors in crypto. That it's like drilling a hole in the windshield.
MR: I've got a lot of world-class cryptographers at the National Security Agency.
AS: I've talked to some of those folks and some of them agree too, but…
MR: Oh, we agree that we don't accept each other's premise. [laughing]
AS: We'll agree to disagree on that. So, if we're going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?
MR: So, I'm not gonna… I mean, the way you framed the question isn't designed to elicit a response.
AS: Well, do you believe we should build backdoors for other countries?
MR: My position is — hey look, I think that we're lying that this isn't technically feasible. Now, it needs to be done within a framework. I'm the first to acknowledge that. You don't want the FBI and you don't want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn't be for us. I just believe that this is achievable. We'll have to work our way through it. And I'm the first to acknowledge there are international implications. I think we can work our way through this.
AS: So you do believe then, that we should build those for other countries if they pass laws?
MR: I think we can work our way through this.
AS: I'm sure the Chinese and Russians are going to have the same opinion.
MR: I said I think we can work through this.
AS: Okay, nice to meet you. Thanks.
Yahoo exec goes mano a mano with NSA director over crypto backdoors [Dan Goodin/Ars Technica]
(Image: Gunfight, micadew, CC-BY-SA)