A Conversation with the NSA: Speech by Richard Ledgett at Westminster
Year of Churchill: A Conversation with the National Security Agency (NSA)
Address given by Richard Ledgett, Deputy Director of the National Security Agency at Westminster College on April 4, 2016.
It’s a real privilege to be here today to participate in Westminster College’s year-long celebration of the 70th Anniversary of Sir Winston Churchill’s famous visit and his delivery of the iconic “Iron Curtain” speech.
And what an epic moment that must have been for all in attendance that day.
Winston Churchill was revered by many. He was a man of principle, distinct presence and multiple talents. A soldier, statesman, journalist, author, artist, sportsman, historian, orator, inventor, and stonemason.
As an author he had more published words than Charles Dickens and Sir Walter Scott combined.
As an orator in a time when most politicians turned to professional speechwriters to craft their messages, he wrote all his own material.
He was a character who was larger than life in a time of momentous events.
When John F. Kennedy granted Churchill honorary U.S. citizenship, he stated that Churchill “mobilized the English language and sent it into battle.”
Churchill’s wartime addresses were carefully and thoughtfully crafted; his words inspired his nation to victory. He was a master of the English language and it is said that no other authorhas ever been cited by more United States presidents.
On a personal level, I’ve been a fan of Churchill’s for years, ever since reading “The Last Lion,” and I’ve been known to quote him myself on occasion.
I’m a fan of his wit as well—all of it, from his interactions with Lady Astor to his commentary on some of his contemporaries to his views on exercise. In fact, I’m a long-time follower of his fitness regime; whenever I get the urge to exercise, I lie down until it goes away.
I truly would have enjoyed hearing him deliver his speech that day.
And make no mistake, when Churchill stood in front of the crowd that had gathered in your gymnasium in 1946, he understood the significance of the speech he was about to give.
His visit to Westminster College became a landmark event in the post-World War II era as the West re-focused from fighting a multi-front “hot” war to what became the Cold War.
In his speech, Churchill acknowledged the United States had emerged as a new world power. At that time, Russia, which would become the other great power in a bi-polar world, was already breaking promises it had made to the U.S. and other allies during the war.
In Churchill’s view it was just a matter of time before Russia would be asserting itself and its communist views outside the Soviet sphere delimited by the Iron Curtain.
He based his assumptions on what he’d observed of the Russians during the war. He knew that the Western democracies would have to stand together to ensure their strength backed their principles and influenced the other nations of the world.
In essence, his words foretold the Cold War which began quietly in the two years after World War II, was in full force by 1947, and lasted more than forty-four years until the dissolution of the Soviet Union in 1991.
Only then was the Iron Curtain finally lifted.
The United States and Great Britain learned how to fight against an ideology that ran directly counter to our values, that relied on a prioritization of state interests over individual rights and intolerance of opposing ideals. It ruthlessly suppressed the freedoms we hold most dear and used fear and hatred as tools to control its people. Sadly, those lessons are applicable today in parts of the world. History must be our teacher. If not, we disadvantage our future. Churchill would likely agree, having once said “A nation that forgets its past has no future.”
Coincidentally, this year also marks the 75th anniversary of another significant, historic Anglo-American interaction, the visit of the first American codebreakers to Bletchley Park, the epicenter of Great Britain’s codebreaking efforts.
The February 1941 visit was the outcome of discussions in London between the Americans and British about potential cooperation on codebreaking against the Axis powers.
Neither side knew what the other had accomplished. The Americans had broken the Japanese PURPLE code used for diplomatic messages, and the British had broken the German ENIGMA code used for high level military messages.
In approving the visit Churchill had prohibited any British discussion of their success against the ENIGMA. This decision reflected his recognition of the value of ENIGMA-derived intelligence, and his concern over keeping the British success a secret from the Germans.
The Americans, two Army and two Navy officers, brought a copy of the device used to decrypt the PURPLE code. They gave the PURPLE device to the British and explained how to break the Japanese codes.
This caused the British to re-examine their initial decision not to share the success against ENIGMA, and a couple of days later the sharing was approved – by none other than Winston Churchill himself. This was the beginning of the “Special Relationship” Churchill referred to in his “Iron Curtain” speech.
That sharing blossomed throughout the war, and was the foundation of an intelligence relationship that helped shorten World War II by as much as 2 years. The exploitation of a few key flaws in the otherwise brilliant design of the commercial Enigma machine, along with clever math, early computing power and some old-fashioned espionage, enabled Allied victory, and not only saved countless lives, but also brought the Holocaust to an early end.
During the war both countries devoted significant efforts to jointly developing the science and art of cryptanalysis – codebreaking – and used the insights they gained from reading German and Japanese coded messages to build strategies and operational plans, and to avoid being surprised by enemy forces.
In doing so they learned the value of partnership in this field and forged a trust relationship based on shared values and mutual respect for their technical skills.
The relationship was codified in what became known as the United Kingdom – United States of America (UKUSA) agreement. An interesting fact – the UKUSA agreement was signed on 5 March 1946, the same day Churchill gave his famous speech here.
In the aftermath of World War II, as the Soviet Union extended that Iron Curtain across Europe, the U.S. and UK built on their WWII experiences and worked to provide insights into Soviet and Warsaw Pact plans, intentions, capabilities, and activities.
That common enemy helped strengthen the partnership even further. After the Curtain was lifted and the Soviet Union disintegrated, the partnership held up to the challenges of a uni-polar world with a host of disparate national security threats.
And the biggest tests came in 9/11 (2001) in the U.S. and 7/7 (2005) in the UK, the largest terrorist attacks on U.S. and British soil. In the aftermath, the partnership between NSA and GCHQ proved to be a match for the challenges we faced in providing insights to threats against our security, and to identifying those to be held accountable for their actions against us.
The world today is very different from that of Churchill’s in 1946. We are faced with a different set of threats and challenges, many of which are similarly motivated by the desires of some to force their views on others.
It was only 13 days ago [22 March 2016] that terrorists detonated bombs in the airport and a metro station in Brussels, killing 35 and injuring nearly 300.
These bombings were the work of the Islamic State of Iraq and the Levant, also known as ISIL. Victims of the attacks included Belgian citizens along with foreign nationals from at least 8 different countries, among them the U.S. and United Kingdom.
Like recent attacks in San Bernardino, Istanbul, Paris, Garland, and Chattanooga, this attack on innocent people going about their daily lives was a stark reminder that, for all our vigilance, the shadow of terrorism persists—both for Americans and for our allies.
Sometimes, the attackers are homegrown, inspired by those overseas as in the San Bernardino case, the worst terrorist attack on the United States since 9/11. The terrorist threats we face today have evolved dramatically from the monolithic, centrally directed and controlled operations to a more decentralized model.
Current threats are more wide-ranging—and less predictable. Where we once spoke of compartmented “networks” and “cells,” today’s threat is distributed across a broader, high-tech landscape.
While we continue to see sophisticated and coordinated attacks, we have also entered a new period of opportunistic terror based on inspiration rather than direction.
And what’s more, these extremists are both on the ground AND on line.
Cyber threats led the list of topics that concerned the Director of National Intelligence at his annual threat assessment. That’s because the one of the biggest threats to our national security these days is not from air, land, or sea – it comes from a computer with a simple Internet connection.
More than any other nation, we are reliant on computer networks that underpin every aspect of our lives – transportation, power, communications, finance, water supply, and food supply. This makes us vulnerable to malicious cyber threats.
Foreign nation-state cyber actors already have the capability to take down critical infrastructure like the power grid, and they are stealing American defense technology and commercial intellectual property at alarming rates.
But it’s not just cyber threats.
A nuclear-armed North Korea seems intent on developing intercontinental ballistic missiles with the express purpose of threatening the United States.
Russia, currently the only existential threat to the U.S., is executing a program to incite tensions in Russian ethnic minorities in the “Near Abroad,” and has used those tensions as an excuse to annex part of the Ukraine via separatist proxies.
China is raising tensions in the South China Sea by asserting its dominance over international waters and over competing claims from the Philippines, Vietnam, and Indonesia.
The conflict in Syria is entering its sixth year, serving as a breeding ground for a host of terrorist groups including Al Qaeda, Al Nusrah Front, and ISIL. As foreign fighters numbering in the tens of thousands flock to Syria to wage jihad, they gain combat experience, make contact with core members of these groups, and learn how to conduct terrorist attacks.
When they return to their home countries in Western Europe and the United States, they are a ready-made force able to conduct attacks like those we’ve seen in France, Turkey, and Belgium. And they are connected to their terrorist brethren.
Today’s world is different because of the most complex system ever devised by man, the global telecommunications network. That network enables instantaneous communication between any points on the globe, and allows for real-time video to be streamed from personal mobile devices so that every significant event is shared right now, with the world.
A key component of this network is the Internet, which links computers all over the Earth and provides an incredible array of useful – even essential – services from email to messaging to videoconferencing.
The Internet brings the world’s information to individuals, and allows them to interact with it and with others in real-time and in ways Churchill’s generation could never have imagined.
It has been an undeniable force for good in the free flow of information to those who would never otherwise see it, and for calling immediate and wide attention to violence, abuse, and injustices.
For those who live in nations that do not allow the free flow of information, the Internet has unfortunately become a barrier – a sort of digital Iron Curtain. Countries like Russia, Iran, and China support an Internet that would provide the means to censor political nonconformists and deny freedom of speech and thought. Fortunately, the development of protections – from Pretty Good Privacy to The Onion Router – has enabled many to freely communicate ideas without fear of reprisal.
The Internet has also been a boon to business, particularly American business, in two major ways.
First, it increases productivity in all types of businesses. It provides a virtual storefront for businesses to interact with their customers, allows them to outsource key functions to lower costs and increase efficiencies, and (by analyzing customer data) allows them to immediately tailor offerings that are likely to meet customers’ needs.
Second, American businesses have been at the heart of the Internet since its inception, and have created a framework of information and communications services and products that comprise the infrastructure and many of the key features of the Internet, and are the envy of the world.
Creativity, relentless innovation, and rapid product development have allowed companies like Microsoft, Google, Apple, Facebook, and Cisco to play the leading role in transforming the technology we use and sustaining economic vitality for the US and innumerable partners who leverage and build upon this now irreplaceable global resource. It has been good for the world in terms of the capabilities they have created, and good for the country in terms of their impact on the U.S. economy.
Technology is neither inherently good nor evil, but it can be used for both. In the hands of a knowledgeable adversary, one computer connection can wreak havoc on an individual, a business, a city, or a nation.
The ubiquity of the Internet, the ability to be anonymous, and the potential for security products to hide illicit activities make the Internet an attractive place to operate for those who would hide criminal activities.
That is certainly going on today.
The so-called “Dark Web” or “Hidden Web” is used to sell any drug you can imagine, from heroin to cocaine to counterfeit antibiotics. You can buy cyber attack tools and services, as well as information on vulnerabilities against which they can be used.
Personally identifiable information is for sale at scale, to include financial information like bank accounts and credit card numbers.
You can hire hit men and prostitutes. And you can find evidence of the sexual exploitation of children on a nearly unimaginable scale. The network connections are protected by encrypted tunnels, and the financial transactions are protected by on-line currencies like BitCoin. It’s a rich ground for criminals.
One especially pernicious mis-user of Internet technology is ISIL, who has mastered the art of using social media to spread their message of hate and their poisonous ideology to every corner of the globe.
ISIL is the principal counterterrorism threat to the United States; they are smart and adaptive, and have developed the ability to remotely radicalize and inspire attacks all around the world.
They are unbelievably savage, executing hostages by sawing off their heads with knives or burning them alive; crucifying children in front of their parents; using rape and sexual bondage as tools of terror; and conducting genocidal acts against populations like the Yazidis and Coptic Christians.
They are proud of their violent acts, posting videos of their savagery on-line. ISIL uses Facebook, YouTube, and Twitter, to name a few, and they do it at scale.
According to the President’s Homeland Security and Counterterrorism chief, Lisa Monaco, there are close to 100,000 Twitter accounts associated with or sympathetic to ISIL, some with as many as 50,000 followers.
Last year ISIL produced 7,000 pieces of slick, professional-looking propaganda that was disseminated by 43 ISIL media offices. By comparison, the New York Times has about 25 branch offices.
ISIL effectively uses the Internet to poison the minds of people far away from their Syrian stronghold, many of whom are middle-class and seemingly well-adjusted. The FBI has ISIL-related investigations in all 50 states. And this is not just an American or a Western problem—as we’ve seen in Copenhagen, Sydney, Paris, Turkey, and Brussels, this is a global problem.
Over the last year, the U.S. Administration has been working with Silicon Valley on solutions for countering the ISIL threat. Companies like Google, Facebook, YouTube, and Instagram have all taken steps to mitigate the threat and attempt to deny ISIL safe haven by removing terrorist content that violates their terms of service.
Twitter has suspended about 125,000 ISIL-linked accounts in the last 6 months. These and other companies are also throwing in with people from the tech, design, advertising, and media worlds to develop ways to identify and counter ISIL’s messaging, and to amplify the voices that provide alternatives to ISIL’s hateful worldview.
The project is called Madison Valleywood, after Madison Avenue, Silicon Valley, and Hollywood.
These endeavors and others are important to our efforts to stop the spread of ISIL, and other terrorist groups like Al Qaeda and its affiliates. A key enabler of these efforts is providing enough “safe space” for them to take hold – by that I mean protecting our citizens and those of other countries against terrorist attacks, so those counter-ISIL messages have time to spread.
Without that safe space, there is danger of a backlash of anti-Islamic sentiment, in response to successful attacks. That backlash supports those who would argue that there is a war between the West and Islam. There is not, but that sentiment feeds into the ISIL and Al Qaeda narrative and fuels their recruiting.
One challenging aspect of this campaign against terrorism is the use of strong encryption by terrorists. ISIL and other terrorist groups use end-to-end encrypted applications over the Internet to secure their ability to interact with people they have or are in the process of radicalizing. Those applications are secure, and the service provider does not hold the keys to decrypt them – they are held only on the devices of the correspondents.
This means when an organization like the FBI produces a lawfully executed warrant for the data, the provider cannot produce an unencrypted message.
The lack of ability to see the content of the message means that we often don’t have insight into the details of a planned terrorist attack that could be used to disrupt it – information like the target, the method, and the timing of the attack.
When successful terrorist attacks do occur, they can inspire anti-Islamic violence as we’ve seen in France and Belgium. Again, these responses feed into the false narrative of “The West against Islam” that terrorist groups use as a tool for recruitment and radicalization.
This is not an argument against encryption. To be clear, NSA supports strong encryption. It’s good for our nation and its citizens, and for people all over the world.
Encryption protects us from criminal and cyber threats and helps safeguard our nation’s intellectual property, critical communications, warfighters, and the future for our children.
But as the President said last month at South by Southwest, we cannot take an absolutist view on this. We cannot choose between the two great goods of securing our information and securing our person. Personal security and privacy rights are not things that need to be traded off against each other – it’s both possible and essential that we do both simultaneously.
We have two values, both of which are important. We need to secure our communications and our data, and use our lawful authorities to prevent activities that harm our safety.
If you think of this as an old-fashioned sweep gauge, there are two ends – one is absolute security of data, the other is absolute security of person. In reality, neither is achievable. But if they were, I would argue against both of them. The right answer is somewhere in the middle.
We have come to a place where we must make a choice about the kind of world in which we want to live. We are smart people; we can simultaneously hold two ideas in our head that are in conflict, and come to a decision on a reasonable course of action. And the answer can’t be an Internet version of the
Iron Curtain; would be contradictory to the basic freedoms upon which this country is founded.
This cannot be a unilateral decision by the government, and it cannot be a unilateral decision by a company or group of companies.
It needs to be a thoughtful and reasoned discussion based on facts, without posturing and extremist arguments from either side of the issue. The discussion needs to include those from the tech sector, privacy advocates, academia, law enforcement, the intelligence community, domestic policy community, and Congress. And it needs to happen sooner rather than later, as the risk of a significant terrorist attack increases the longer we wait. If that happens, the backlash could cause the Congress to pass reactive legislation that would not have the right balance. And that’s not good for any of us.
Once we understand how we want to proceed in the United States, we need to engage with our international partners. U.S. law will be an influencing factor on that of other countries, and we need to work with them to try to strike a good balance that works for them and for us.
Churchill once said of the allied forces “If we are together nothing is impossible, and if we are divided all will fail.” This is true today, even in the face of the challenges brought on by 21st century technology.
One of our principal allies in this international discussion must continue to be the United Kingdom. Our set of shared values and traditions, our leadership roles in the free world, and our history of working hard problems together for the common good make this an easy decision. Together we can work to build an international consensus on how to simultaneously satisfy the need for both information and people to be secure. It’s a challenge worthy of Winston Churchill himself, and one I’m sure he would relish.
Thank you very much.