The NSA has lost some terrorists because of their adoption of strong encryption, but the agency is supportive of the use of the technology, it's top lawyer said Wednesday.
Glenn Gerstell, general counsel of the National Security Agency, made the comments at the Cambridge Cyber Summit at MIT in Cambridge, Massachusetts.
"We are big supporters of encryption," said Gerstell. "Encryption is more of a law enforcement issue."
He said the NSA sees ISIS terrorists using end-to-end encryption, and that has prevented the agency from finding out the key information about those bad actors.
The widespread availability of encryption technology requires the government to employ additional resources to monitor terrorists, said Gerstell. He declined to elaborate on specific sources and methods.
Privacy advocate Cindy Cohn, executive director of the Electronic Frontier Foundation, listed some of the methods the government may use when encryption blocks access to information shared by suspects: They install key loggers on devices to discover passwords, stop computers on their way to being shipped and install backdoors or send fake messages masquerading as popular services like Facebook to trick suspects to divulging passwords.
"We know they purchase vulnerabilities and don't tell the companies their systems are vulnerable," she said.
About 90 percent of the vulnerabilities the government discovers are in fact disclosed, but at times they choose not to share that information for national security reasons, said Gerstell.
The NSA is in an excellent position to assess cyberthreats given its tech chops, but the anonymity enabled by end-to-end encryption — whose adoption is growing — allows some people to get away with "mischief" and the barriers to entry for the use of this technology are "extremely low," he said.
Cybersecurity is the biggest threat the NSA will face over the next couple of decades, and the agency is very focused on combating cybercrime. It takes a multifaceted approach — working hand in hand with the FBI and Department of Homeland Security to share threat information, and issuing bulletins to reach the public where appropriate, Gerstell said.
The conference is sponsored by CNBC, MIT and The Aspen Institute.