NSA: "Faced with encryption, yes to backdoors"

 

 

Some make their intentions plain. That is the case of the NSA, through its director Mike Rogers, speaking on 23 February to Yahoo!'s head of security. Below we reproduce the rather sharp exchange between the two men (in the original English) as published by the US site justsecurity.org.

 

At the "Cybersecurity in America" meetings just held in Washington (http://www.newamerica.org/new-america/cybersecurity-for-a-new-america), Yahoo's head of security, Alex Stamos, put a question to Mike Rogers, director of the NSA, following a suggestion from US government authorities in response to the systematic encryption of data.

 

US administrative authorities regard the encryption of corporate and personal data as an obstacle to certain investigations. In the view of the US administration, vendors of security solutions should allow backdoors to be put in place in order to grant it access. Beyond the illegal aspects of this demand in Europe, the approach leads many cryptography experts to say that such access points can be exploited by "anyone".

 

Yahoo!'s head of security therefore put the following question to the director of the NSA: "If we put in place specific access for the US government, do you think that, given that we have 1.3 billion users around the world, we should also put in place identical means for the Chinese government? For Russia? Saudi Arabia? Or France? Which country should we give access to?"

 

As the excerpt below shows, the NSA director seemed uncomfortable and did not give a real answer.

 

Alex Stamos (AS): Thank you, Admiral. My name is Alex Stamos, I’m the CISO for Yahoo!. … So it sounds like you agree with Director Comey that we should be building defects into the encryption in our products so that the US government can decrypt…

 

Mike Rogers (MR): That would be your characterization. [laughing]

 

AS: No, I think Bruce Schneier and Ed Felten and all of the best public cryptographers in the world would agree that you can’t really build backdoors in crypto. That it’s like drilling a hole in the windshield.

 

MR: I’ve got a lot of world-class cryptographers at the National Security Agency.

 

AS: I’ve talked to some of those folks and some of them agree too, but…

 

MR: Oh, we agree that we don’t accept each other’s premise. [laughing]

 

AS: We’ll agree to disagree on that. So, if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?

 

MR: So, I’m not gonna… I mean, the way you framed the question isn’t designed to elicit a response.

 

AS: Well, do you believe we should build backdoors for other countries?

 

MR: My position is — hey look, I think that we’re lying that this isn’t technically feasible. Now, it needs to be done within a framework. I’m the first to acknowledge that. You don’t want the FBI and you don’t want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn’t be for us. I just believe that this is achievable. We’ll have to work our way through it. And I’m the first to acknowledge there are international implications. I think we can work our way through this.

 

AS: So you do believe then, that we should build those for other countries if they pass laws?

 

MR: I think we can work our way through this.

 

AS: I’m sure the Chinese and Russians are going to have the same opinion.

 

MR: I said I think we can work through this.

 

AS: Okay, nice to meet you. Thanks.

 

[laughter]

 

MR: Thank you for asking the question. I mean, there are going to be some areas where we’re going to have different perspectives. That doesn’t bother me at all. One of the reasons why, quite frankly, I believe in doing things like this is that when I do that, I say, “Look, there are no restrictions on questions. You can ask me anything.” Because we have got to be willing as a nation to have a dialogue. This simplistic characterization of one-side-is-good and one-side-is-bad is a terrible place for us to be as a nation. We have got to come to grips with some really hard, fundamental questions. I’m watching risk and threat do this, while trust has done that. No matter what your view on the issue is, or issues, my only counter would be that that’s a terrible place for us to be as a country. We’ve got to figure out how we’re going to change that.

 

[Moderator Jim Sciutto]: For the less technologically knowledgeable, which would describe only me in this room today, just so we’re clear: You’re saying it’s your position that in encryption programs, there should be a backdoor to allow, within a legal framework approved by the Congress or some civilian body, the ability to go in a backdoor?

 

MR: So “backdoor” is not the context I would use. When I hear the phrase “backdoor,” I think, “well, this is kind of shady. Why would you want to go in the backdoor? It would be very public.” Again, my view is: We can create a legal framework for how we do this. It isn’t something we have to hide, per se. You don’t want us unilaterally making that decision, but I think we can do this.

 

 
