Adm. Michael Rogers, director of the National Security Agency (NSA) and Commander of U.S. Cyber Command, said May 11 that any changes to the bulk telephone data collection program should guarantee quick access to necessary information.
“What concerns me the most is timely access to the data. Because if we’re going to generate outcomes, then if it’s a process that takes weeks and months, that doesn’t really generate the kind of value we need. We need to come up with a process that lets us generate insight and access the data in a much quicker timeframe,” Rogers said at a cybersecurity event hosted by the George Washington University.
Congress is debating a provision of the Patriot Act, Section 215, that the NSA has used to collect bulk telephone records on Americans. The provision is set to expire at the end of May and on May 7 the United States Court of Appeals for the Second Circuit ruled it does not allow the NSA to collect the data it has been collecting for years.
“So the Second Circuit has rendered a legal opinion. The government’s lawyers are working their way through what does that mean and how do we fully implement it,” Rogers said.
He said the program for this data collection has to be within a framework that will generate insights to defend the nation but do so in a way that ensures privacy and engenders confidence.
“Because I always remind people, in the end, the National Security Agency executes a legal framework, that legal framework is developed by our Congress, tested by the courts. That’s exactly the way our Constitution works,” Rogers said.
Rogers also commented on cybersecurity information sharing legislation making its way through Congress.
“You know, among the greatest things that I think Congress can do here is to create a legal framework that enhances this idea of the free flow of information both ways, because I want to be pushing information, in a usable form, to the private sector even as I want them pushing information back to us about what they are seeing.”
Rogers favors a legal framework that produces confidence in the private sector, so companies do not worry about legal liability or other legitimate concerns.
Rogers also confirmed that U.S. Cyber Command may eventually become an independent combatant command. “We continue to assess that. I think at some point that’s the logical direction. I think the question becomes, OK when? What should drive the decision as opposed to doing this now versus doing this later?”
In March, Defense Secretary Ashton Carter said Cyber Command may eventually become its own armed service branch in the future, but it will not change in the near term.
Rogers also responded to questions on increasing encryption and how it challenges law enforcement and national security while trust in government is low.
Although encryption itself is not inherently bad, a set of actors is using encryption as a way to evade law enforcement and intelligence gathering, he said. The FBI and the NSA are asking how as a society is the United States going to deal with encryption. “Is it we’re just going to say well that’s the way it is? Is it, hey, can we create some form of framework that with the right legal oversight and direction we can create a mechanism where we can access that?”
The balance of privacy and the role of government and surveillance is not easy, but the technology is not the prime factor. “It is much more about policy and a social convention about what we’re comfortable with. It’s much less about technology, in some ways today.”
“All this is happening at a time when threat is increasing. As I often say to people, being in an environment where threat is up and trust is down…regardless of what your particular views are, my only comment would be as a nation, that’s a bad place for us to be.”