“When you find a vulnerability in encryption software you should fix it, not exploit it,” former U.S. cyber security advisor Richard Clarke said Tuesday during a packed session at the RSA Conference in San Francisco.
The thinly veiled reference to the controversy regarding the alleged shady deal between the National Security Agency (NSA) and security firm RSA drew scattered applause from the audience. Clarke also acknowledged that last year’s revelations by Edward Snowden implied that as technology has advanced and grown, so has “the potential for a police surveillance state.”
Beyond that, both Clarke and General Michael Hayden, formerly director of the NSA and of the CIA, downplayed concerns about the NSA “spying” scandal, stressing the program is both legal and not unexpected. Both men expressed doubt that other countries, including our allies, didn’t know that spying was going on, with Clarke characterizing the outrage as being as disingenuous as Peter Lorre in Casablanca when discussing gambling at Rick’s.
“A lot of people knew it was going on and are doing it too,” Clarke said. Hayden noted that the program had been authorized by two presidents and received the required nods from Congress and the judicial branch.
While both speakers took jabs at Snowden, with Clarke at one point saying “it makes my blood boil” to hear supporters call him a whistleblower, they agreed that NSA bore responsibility for the steady stream of revelations. “If NSA had better internal security, none of this would have happened,” said Clarke.
The former government cyber security guru’s 300-page Review Group on Intelligence and Communications Technology report, requested by President Obama, made 46 recommendations for tightening NSA security and improving transparency of U.S. surveillance activity.
Clarke noted that both goals could be met more easily if senior policymakers in government “learn about intelligence and how it’s collected,” clarify “what they want collected and not collected,” and then give NSA clear guidance.