Former NSA Chief: Values Must Not be Compromised in the Name of Security, Not Even During a Pandemic – CTech

If theres one thing thats beyond question, it is that Mike Rogers, former head of the National Security Agency (NSA) loves his country. In an interview with Calcalist, he repeated the word values no fewer than 27 times. But even a patriot like Rogers believes the use of technology to track down citizens during the Coronavirus (Covid-19) crisis is one step too far.

The first thing we need to do is step back, he asserts. We need to ask what type of information needs to be collected to generate insights that would be instrumental to better understand the pandemic. This is a legitimate question to ask. The knowledge and insights generated need to reflect the values of our society. Public health does not render privacy irrelevant or marginal. I dont buy it. In the same way, I dont think privacy should be held up is above all else. Its not a black and white issue.

Rogers, 60, served in the U.S. Navy for 37 years. He started his career as a ship driver, as he likes to call it. In 2018, he retired from his position as head of the countrys top intelligence unit, after serving under two presidents, Barack Obama, and Donald Trump. Shortly afterward, he joined Israeli cyber group Team8 as an advisor. Team8 was founded by brigadier general (Ret.) Nadav Zafrir, a former commander of the Israel Defense Forces Military intelligence Unit 8200, which is often referred to as Israels NSA. This interview was conducted on Zoom, which Rogers joined via his private Gmail address, evidence of the challenges posed to privacy even for a veteran spook like himself during Covid-19 era.

Rogers assumed office as head of the NSA at a particularly complicated time; a short while after Edward Snowden, an NSA sub-contractor, leaked a massive trove of documents exposing how the U.S. government implemented methodical surveillance on millions of people across the globe, both American citizens and foreigners. The saga ended with both Snowden and NSA remaining controversial entities. However, while the young man found himself in exile in Russia, the NSA was legally acquitted and politically pardoned, a problem that Rogers acknowledges.

Look, Im not an idiot. It was clear to me that our society and the world at large were trying to figure out what had happened, he says of the aftermath of the Snowden affair. I tried to determine whether I should be worried, whether the law was being abided by. The people at the NSA were also shocked by the public reaction because they knew they had followed the law. And if their actions were meant to protect the citizens, why were they perceived as the bad guys?

Despite siding with the intelligence forces, Rogers too admits that the government sometimes abuses its power. This is not a new phenomenon, he conceded. The basic principle on which the U.S. was founded is that individual rights are primary and that the state must not be allowed to trample on them. This is the cornerstone of the society.

However, he said, Some degree of distrust has always existed between the state and its citizens. We must acknowledge the cases in which the government exceeded its authority, for example, during the Vietnam War, when we used intelligence capabilities to find out what citizens think about the war and to what extent they support the government. These were exceptional actions. As a result of that period in our history, we have the foundations that guide us to this day closer oversight of intelligence work, by congressional committees, and an external approval mechanism, which also led to the establishment of the Foreign Intelligence Surveillance Courts (FISA).

Still, when pressed, Rogers admits that when a civil society loses its trust in its elected officials and the courts, once they no longer reflect their values, the country has a problem. Peoples trust in the checks and balances is on a decline. Following the Snowden affair, some congress committees stated clearly that the NSA was in full compliance with the law and overseen by elected officials. They told the citizens not to worry because We supervise the work. But it was not enough. People were saying that the politicians do not reflect their concerns and values. The current oversight mechanism failed to give the public the confidence we thought it would. The FISA courts too were criticized in a similar vein, arguing that unlike in ordinary courts, the government stands trial with no one presenting counter arguments.

The public distrust of the NSA posed Rogers with a significant challenge: explaining how the agency works. We needed to acknowledge that the trust of the citizens we serve is one of the most important factors for us. We need to carry out our missions effectively, efficiently, in full compliance with the law, and do so while reflecting societys values. To ensure we meet these criteria, we needed to modify the way we work. I wanted people to know ours is an honest organization that recognizes its mistakes and learns from them, and that if required, we will be able to modify our mode of operations.

But the narrative regarding the Snowden affair still divides the American public, which is strongly concerned with matters of privacy. The US government regards Snowden as a fugitive criminal whose actions have harmed intelligence assets. Large parts of the public, however, regard Snowden as a heroic whistleblower. I dont consider it in terms of victory or defeat, says Rogers when asked if NSA was victorious in changing the narrative. The important thing is that we did our job lawfully and in a manner that reflects our society. I was happy that when the public debate finally ended, we were able to retain most of the authorities and legal frameworks that we had.

Was there a chance this would not materialize?

Absolutely.

How can you tell whether something has changed if everything takes place away from public scrutiny?

Every exposure of our activity has the potential to prevent us from doing our job. Hence, democratic society created a legal framework and an oversight mechanism that allows elected public officials to supervise our work directly. The courts give us no blank checks. Whenever they felt we had not justified our requests, they did not grant them. I never took the freedom of action for granted. It was always important for me to work in a manner that reflects our society and never knowingly violate the law. Never. I believe it is important for society as a wholeand it is evident today with the pandemic that the solutions reflect social values. We do not want to compromise on who we are in the name of security. When you do that, the other side wins.

While Rogers talks passionately about the importance of checks and balances in democratic countries, in Israel the debate over the breach of citizens privacy is subdued, even though both the police and the Internal Security Agency have managed to obtain free access to track citizens mobile phones. Checks and balances are a foundation of democracy, argues Rogers. When we resort to searching for solutions that involve knowledge about private people, for example, during this Covid-19 pandemic, we must ensure the solutions are equipped with checks and balances and instill confidence and trust among the public. I do not like absolute solutions. I prefer to develop ones that have external oversight and regulation.

When Rogers is pressed with questions on the gloomy trade-off between citizens rights and public health, or even national security, he takes us back 70 years. Perhaps because being critical about real-time events is difficult. In December 1941, following the Japanese attack on Pearl Harbor, we deemed it reasonable to force American citizens of Japanese origin out of their jobs or schools, and place them in detention camps. When we look back at this practice today, it is beyond us how we could have done such a thing. It runs contrary to all of our values! You dont treat civilians in this way! Stepping back during a crisis is one of the most difficult things to do, but it allows you to understand not only what you cannot do, but also what is wrong to do. The fact that you can do something does not mean you need to do it.

The delicate balancing of civil rights and privacy becomes even more intricate because of the momentous leaps achieved by the information revolutions. Technological developments in the private sector sent governments and their various branches on an incessant pursuit for control. Take, for example, governments attempts to obtain remote access to smartphones or computer systems in a manner that bypasses the end-to-end encryption of Facebook or WhatsApp chats. Encryptions are vital in the world we live in, says Rogers. Finding information security solutions without encryption is hard. I do not like the idea of neutralizing the encryption, but I am not fond of the expression back door either (referring to the Administrations demand for built-in access to private computer systems, V.A.) Its an expression that reflects stealthy activities. I want the front door, with many locks on it, and I want control over who has access to the keys and the terms under which the door can be opened.

President Obama a constitutional lawyer by training once told us we must acknowledge that one of the guiding principles of the U.S. judicial system is that no information is beyond the reach of the government, as long as it abides by the legal framework. But the reality is that technology has passed the legal and constitutional frameworks, making encryption their poster child. Im not saying its bad. Thats just the way it is.

So there is no privacy at all?

No, there is no privacy. The law stipulates that phone companies must have the means to monitor calls in case the court orders them to do so. I keep reminding people that this capability is part of a legal framework. The federal administration cannot tap a persons phone just because it wants to. Telephone companies will not do that unless they receive a court order, which can also be appealed before an external authority. The system of checks and balances allows a range of worldviews to be heard.

The legal frameworks were also designed to save time and resources. If it is designed by a human, then a human can compromise it, explains Rogers. The question is how long it would take and what resources need to be allocated. So we are looking for new technologies that would overcome the limitations. This is life. You develop capabilities and then the counter-capabilities. Ive spent 37 years of my life doing that.

Today, Rogers is an advisor to Team8, a cybersecurity group that develops defensive capabilities. Discussing the work offensive cyber organizations, which suffer from a terrible public image, sometimes justifiably, Rogers says they stand to profit from the Covid-19 pandemic, not just because the number of people connecting to the network is pushing the existing security infrastructure to the limit, but also because of humans tendency to try to make sense of the new reality. Users are receiving huge amounts of files about coronavirus, creating an excellent opportunity for a country that uses focused cyberattacks, such as phishing.

But Rogers is optimistic about the resourcefulness and resilience of the virtual world, The infrastructure responded well to the challenge. We can maintain communication in a world where physical presence has become dangerous. Within a short time, we have established new normalcy with the means necessary to continue communicating, doing business or keeping in touch with friends and family. Now is the time to see how we make the new structure resilient, the risks it faces and its future. What will the world look like after coronavirus? What lessons do we take from this situation? Which skills do we need to build? There are many questions to ponder.

The former commander of Unit 8200: It doesnt have to be either-or. Some solutions can keep you healthy while protecting your privacy.

"My view of the current crisis is more romantic than Mikes, says Nadav Zafrir, co-founder of Team8 and a consulting client of former NSA Head Mike Rogers. I see a dramatically-positive side to the crisis. If Covid-19 were to have taken place in the 1990s, the world would be falling apart. The things we are doing today are fantastic. Just sending everyone home overnight is an amazing accomplishment.

Everyone talks about the need to track the population, restart the economy and maintain health as running contrary to privacy. I do not think this is an either-or situation. Take cryptography, for example. You can take encrypted information and still run computing operations on it. The crisis has shown us you cannot privatize everything. The State must retain some responsibility, but this does not mean we have no responsibility. We need to provide enabling technologies. We know how to take the healthcare information of confirmed cases and run queries on data received from telecoms. The company that provides the information does not know what information we are looking for and on whom, and those who know what we look for cannot see all of the information. All this can be ensured by an enabling technology called homomorphic encryption. We started the project with open code for a purpose. This approach allowed us to create solutions that address both sides of the equation because until a vaccine is available, we will not be able to resume our normal life.

Read more from the original source:
Former NSA Chief: Values Must Not be Compromised in the Name of Security, Not Even During a Pandemic - CTech

Related Posts

Comments are closed.