Tech by VICE

The Man Who Crafted the Patriot Act Now Supports Your Right to Encrypt Data

Former Secretary of Homeland Security Michael Chertoff is at odds with the intelligence community on encryption.

by Jason Koebler
Feb 27 2015, 1:00pm

​Image: ​St0rmz/Flickr

​In the immediate aftermath of the 9/11 attacks, Michael Chertoff, then head of the Justice Department's criminal division, helped craft the Patriot Act, the law that extended the federal government's authority to conduct mass surveillance. Then, he served as the Secretary of Homeland Security for four years. Now, he's a privacy advocate?

Well, not quite. After the Snowden leaks, he continued to support NSA mass surveillance. But, on encryption, Chertoff, now a private practice lawyer and consultant, has changed his tune so drastically that he's expressly at odds with the intelligence world. He says everyone should have a right to encryption—nearly everyone he's worked for doesn't.

In fact, earlier this week, NSA chief Mike Rogers  ​came out against encryption, joining his ​colleagues at the FBI and ​Justice Department, and even ​President Obama, who have all said that law enforcement should have backdoors or a "golden key" to be able to break encrypted communications when necessary.

"That genie is not going back in the bottle"

Intelligence agencies say that they think it's possible to create a system in which companies like Apple or Google—which are both moving toward using encrypted messaging as a standard for all users on iOS and Android—would have to decrypt text messages when served with a warrant. Cryptological experts say that's impossible: Vulnerabilities can be exploited, either by the NSA or by hackers or foreign governments.

Chertoff told me he sides with the crypto world: Consumers should have access to strong, uncompromising encryption without backdoors.

"I'm sympathetic to law enforcement, but nevertheless I've come to the conclusion that requiring network managers or ISPs to retain a key that would allow them to decrypt data moving back and forth on a particular device is not something the government should require," he said. "If you require companies to manage a network to retain a key to decrypt, I guarantee you another provider will allow someone else in the world to have that key. What happens is, honest people will have a key to encrypted data that's held by a third party. As we've seen in the past, that can lead to problems."

Chertoff  ​recently released a report through the Global Commission on Internet Governance that explored what could be done to monitor the dark net. The paper does mention that many people around the world use anonymity tools such as Tor to avoid oppressive governments, but it's also heavy on the dark-net-as-criminal-underground talk.

"In a free society, we don't require people to organize their lives in a way that makes life easier for law enforcement"

To say that he's completely evangelized since leaving the government wouldn't be accurate. And it's important to keep in mind that, partly because of Chertoff, we live in a world in which mass surveillance and data collection are the norm. But now, it seems, he's willing to be frank about issues those still in law enforcement have been unwilling to budge on.

He says, for instance, that listening to people's communications should be hard.

"It's harder to crack encryption without the key—you have to go to the person who has the device and get them to give you the key somehow, but we don't normally, in a free society, require people to organize their lives in a way that makes life easier for law enforcement," he said. "When they come to your house with a warrant, we don't give them a tour."

Chertoff says when he was in charge of Homeland Security, the dark web was a nascent thing, and law enforcement didn't really train its eyes there. That has changed, and Tor, a tool that was, once upon a time, developed by the US government, is now looked at as one of the few bastions of digital secrecy and anonymity. Law enforcement has made strides in cracking Tor, but the service is still viewed as being relatively anonymous.

"I think it's often the case, when the government develops something, that the genie gets out of the bottle. In this case, maybe it's a bigger genie than you thought it was," he said. "I don't know if anyone [in government] has said they regret developing it—as I said, there's value and freedom of speech there. But it doesn't mean you abdicate your responsibility to keep people safe by trying to keep an eye on it if that's where crime has gone.

"But, I think, that genie is not going back in the bottle," he added. "Law enforcement has improved, has become more sophisticated. The bad guys think of new ways to evade, though. It's a constant struggle."

That may be true. But it's one that should be fought, he argues, without compromising the security of the vast majority of people who want to keep their communications private, even if they've got nothing to hide.