National Security Agency Director Adm. Michael Rogers gave an interview with Yahoo News’s Michael Isikoff. The interview is full of misleading statements and poor logic.
Rogers confirmed speculation that began right after the attack: that “some of the communications” of the Paris terrorists “were encrypted,” and, as a result, “we did not generate the insights ahead of time.”
According to this logic, if any terrorist uses any encryption, then law enforcement will not be able to find anything out about them. This is demonstrably false. The former director of the NSA, Gen. Michael Hayden, has said that, “We kill people based on metadata.” Metadata still exists even if communications are encrypted. Former NSA General Counsel Stewart Baker said that metadata can tell you, “everything about somebody’s life,” and that, “If you have enough metadata, you don’t really need content.”
Adm. Rogers goes on from that last point:
“Clearly, had we known, Paris would not have happened.”
This is an example of the logical fallacy of circular logic. Circular logic is when “the reasoner begins with what they are trying to end with.” Adm. Rogers assumes that if he had enough information then he would have been able to predict, and therefore stop, the attacks. According to his logic, there would never be the situation where law enforcement had information but failed to connect the dots and turn the information into actionable intelligence. Something like, say, an arrested Al Quaeda operative being “described as interested in flight training for the purpose of using an airplane in a terrorist act” before 9/11 happened.
From a little later in the article:
Rogers has at times sought to steer a middle ground in this debate, acknowledging that encryption is “foundational to our future” and even saying recently that arguing about it “is a waste of time.”
Encryption is “foundational to our future” (I would add foundational to our present society) and arguing about it is a waste of time.
Adm. Rogers doesn’t stop there, though, and goes on to argue about encryption.
He frankly acknowledged, “I don’t know the answer” to unencrypting devices and applications without addressing the concerns over privacy and competitiveness, calling for a national collaboration among industry and government officials to solve the problem.
This is an example of the fallacy of argument to moderation. This fallacy says that in a choice between two extremes, the correct choice will fall somewhere in the middle. In this case, perfect encryption and total law enforcement access to all data would both be ruled out and the correct solutioon to the “going dark problem” would be somewhere in the middle. Once again, though, that ignores that it’s not an argument between two possible policy decisions. It’s an argument between having the most robust security you can or purposefully weakening security.
Once again:
Rogers also provided new details about his agency’s efforts to implement the USA Freedom Act, a law passed in the wake of the Edward Snowden disclosures, which he said has made it “more expensive” for his agency to access the phone records of terror suspects inside the United States and has resulted in a “slightly slower” retrieval of data from U.S. phone companies.
That was kind of the point of the law.
But Rogers said the delay in retrieving phone records is measured “in hours, not days or weeks,” and he has not yet seen any “significant” problems that have “led to concerns … this is not going to work.”
Wow, just a few months ago, he was saying the exact opposite when he was lobbying against the bill, saying that “Americans will become less safe” when the Freedom Act goes into effect.
That kind of makes you wonder how much faith we should put into what Adm. Rogers says. As Ars Technica points out in their article on this Rogers interview, the Paris attacks should also cause us to question the value of what Adm. Rogers says.
ISIS has been known to use encrypted communications, such as Telegram, to communicate and recruit. But despite those encrypted communications, the US did provide a warning of an impending ISIS attack in France, despite any encryption, over two months before the attack.
So, there was some forewarning that ISIS would attempt to attack France, despite the use of encryption by some terrorists. And, even more damaging to Adm. Rogers idea that “had we only known” we would have been able to stop the attacks is that the French did receive specific warnings about one of the attackers. Turkish police said they notified the French about him multiple times about him, but that, “We did, however, not hear back from France on the matter.”
Workentin's Cybersecurity Blog 