The National Security Agency (NSA) is easing its stance on encrypted data. The agency's director Mike Rogers shared his thoughts on the ongoing debate surrounding encryption and revealed that the NSA is now in favor of encrypted data.
On Thursday, Rogers spoke at length to the Atlantic Council on the encryption debate.
"Encryption is foundational to the future. So spending time arguing about 'hey, encryption is bad and we ought to do away with it' ... that's a waste of time to me," said Rogers.
The director's admission that the NSA is more than okay with encryption will come as a surprise to most. Should it ring alarm bells? Probably.
Why is the NSA suddenly not worried about gaining backdoors to user data? Is it because it has devised other means to decode and spy on encrypted data?
There are all pertinent questions considering how NSA whistle-blower Edward Snowden exposed the agency's penchant for espionage. In addition to gathering intelligence through wire taps and collecting phone metadata, NSA also deployed a tool called XKeyscore (which was capable of gathering collected online information to create the profile of a citizen accurately) - actions which are in contradiction to its current pro-encryption stance.
The reason why NSA is not worrying about encryption is because they can still conduct a surveillance program.
Security bloggers are of the opinion that the NSA has the know-how to crack cryptography protocols that are commonly used. This is backed by the fact that - as revealed by the leaked Snowden documents in 2013 - that the NSA is investing heavily towards activities oriented towards breaking encryption.
"The 2013 "black budget" request, leaked as part of the Snowden cache, states that NSA has prioritized "investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic," notes the Freedom to Tinker blog at Princeton University's Center for Information Policy Freedom.
The NSA reportedly has a budget of $10 billion each year, with $1 billion just for this purpose.
Moreover, in 2015 a paper from researchers at University of Pennsylvania, Microsoft, Michigan University and John Hopkins University suggests that cracking encryption is quite plausible - even the strongest one.
The paper not only identifies the weaknesses which exist in encrypted data, but also touches on the manner in which encryption can be cracked. The method includes "active attacks on export ciphers in TLS" which translates to attacking one side of end-to-end encrypted data.
It remains a mystery why NSA has changed its stance on security and privacy. We are still uncertain whether or not the reason for this is the agency's discovery of alternate methods to crack encrypted data.