Edward Snowden advanced encryption technologies by “about seven years,” National Intelligence Director James Clapper said Monday during a talk hosted by the Christian Science Monitor.
Commercially available software has become so sophisticated so quickly, Clapper added, that it is a “major inhibitor” to the government’s ability to collect intelligence on terrorists, particularly the Islamic State.
“From our standpoint,” Clapper said, “it’s not a good thing.”
But in interviews with NBC News, digital rights and security experts were puzzled over how intelligence officials arrived at the seven-year figure.
“He’s speculating on what would have happened if what happened didn’t happen,” said Amie Stepanovich, U.S. policy director of Access Now. “I’m not sure what metric he’s using.”
And Cindy Cohn, executive director of the Electronic Frontier Foundation, said that instead of focusing on Snowden, the government should consider the obvious — that companies are deploying new technologies in response to consumer demand.
In 2013, Cohn said, 3.1 million phones were stolen in the U.S. The year after that, data breaches led to the exposure of the personal information of half of all American adults. And so far this year, 13.1 million Americans have become victims of identity theft.
“Information is gathered and stored by lots of different entities and not kept secure,” she said. “We’re living in a world where people are feeling increasingly vulnerable.”
Encryption products allow people to protect themselves from those vulnerabilities, Stepanovich said, adding that outlawing such products in the U.S. would make as much as sense as banning the toilet, or some other potential barrier to law enforcement.
Most encryption products aren’t even made in the U.S. A recent worldwide survey by security expert Bruce Schneier found that of the 619 entities that sell those products — such as email, voice and text message encryption — two-thirds aren’t American.
Cohn added that the government hasn’t publicly identified a terror plot where those products derailed an investigation.
“When Clapper says that ISIS worries about their security, I don’t doubt that,” she said. “But we really don’t have any situation where, but for strong encryption, we could have stopped a terrorist attack.”
Instead of raising the specter of more sophisticated terrorism — and condemning Snowden — Clapper should have praised the former NSA contractor, Stepanovich said, noting that government has itself described cyber-security as among the most pressing issues facing the country.
Snowden would have happily accepted. On Twitter Monday, he reacted to Clapper's comments, writing: “Of all the things I’ve been accused of, this is the one of which I’m most proud.”