Stewart Baker, outspoken voice on cybersecurity and national security law, dies at 78

Stewart Baker, a former general counsel for the U.S. National Security Agency, senior Department of Homeland Security official and longtime advocate for strong national security policy, died unexpectedly 30 April while jogging. He was 78. 

Throughout his career, Baker helped shape policies around surveillance, encryption, cybersecurity and data protection. His influence on professionals in national security, cybersecurity and data protection law and policy is deep and broad. 

From the 1990s crypto wars to post-9/11 passenger travel data disputes and the Snowden-era debates over metadata, Baker was a leading legal voice for the view that privacy and civil liberties must be weighed against rapidly changing national security threats brought on by digital technology. Though many of his positions drew stark criticism from privacy advocates, he was always up for a debate. 

NSA tenure and the so-called 'crypto wars' 

With his tenure at the NSA from 1992-94, Baker was at the center of the early "crypto wars" involving policy around government access to encrypted data. 

At the time, the NSA was defending the use of the controversial Clipper Chip, a key escrow encryption tool developed by the agency that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." 

In 1994, Baker defended the Clipper Chip in an editorial for Wired by "debunking" what he characterized as seven myths about key escrow encryption. He wrote, "the key escrow proposal is not about increasing government's authority to invade the privacy of its citizens. All that key escrow does is preserve the government's current ability to conduct wiretaps under existing authorities." 

Though the Clipper Chip was out of use by 1996, the encryption debates would erupt decades later in the wake of the San Bernardino terrorist attacks, prompting the "Apple v. FBI" controversy in which the agency sought access to the terrorists' iPhone by breaking its built-in encryption. 

In 1998, Baker co-wrote the book, "The Limits of Trust: Cryptography, Governments, and Electronic Commerce," which examined how governments should regulate cryptography. 

Prior to the 2015 terrorist attack, Baker remained a steady voice defending government access to user data. In a 2014 event in Dublin, Baker argued that moves to encrypt user data by Big Tech companies Apple and Google was worse for intelligence gathering in the West than surveillance by China or Russia. 

"The state department has funded some of these tools, such as Tor, which has been used in Arab Spring revolutions or to get past the Chinese firewall, but these crypto wars are mainly being fought between the American government and American companies," he argued. 

"There's a very comfortable techno-libertarian culture where you think you're doing the right thing," he said. "But I've worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner or later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished. … Tech companies are picking a big public fight with the NSA because it looks good." He added, "The crypto wars have about as much to do with the outcome of security as the Soviet-Finnish war of 1939 had to do with the outcome of World War Two." 

Digital surveillance post-9/11

After the 9/11 terrorist attacks in the U.S., Baker became a prominent advocate for increased digital surveillance and better information sharing among national security and other government agencies along with private-sector data. 

Baker testified before the 9/11 Commission in 2003 and said, "In my view, there were two problems — a problem with the tools our agencies were able to use and a problem with the rules they were required to follow. What's worse, two years later, neither problem has been fixed. Which means that there is a very real risk we will fail again, and that more Americans will die at the hands of terrorists as a result of our failure."

In his written testimony, Baker offered a detailed set of counterterrorism policy recommendations but also included a set of recommendations to prevent privacy and civil liberties abuses through the use of anonymization, electronic auditing and rules-based access controls. 

DHS, travel data and international data protection agreements

In July 2005, Baker was appointed by then-President George W. Bush to serve as assistant secretary for policy at the recently minted Department of Homeland Security. While at DHS, Baker helped construct the legal and diplomatic framework for using passenger and travel information as a counterterrorism tool, while navigating privacy concerns with European data protection authorities. 

While there, Baker led negotiations with European and Middle Eastern governments regarding travel data, privacy issues and visa waivers. "He devised a new approach to visa-free travel, forged a congressional and interagency consensus on the plan, and negotiated acceptance with key governments," a bio page of his states. 

In 2010, Baker published "Skating On Stilts: Why We Aren't Stopping Tomorrow's Terrorism," which drew on his experiences at DHS. In it, Baker argued that modern technology has made terrorism more dangerous, but privacy advocates and some big businesses were preventing government from adopting measures that would help prevent future attacks. In a review of the book, the Federalist Society's Gregory McNeal wrote, "The Department of Homeland Security is paralyzed by civil-libertarian privacy advocates, business interests and bureaucratic turf battles. The result of this paralysis is a bias toward the status quo that is preventing the United States from protecting the homeland." In “his must read book … this policy dynamic, combined with exponential advances in technology are key threats to U.S. national security.” 

Notably, Baker argued that privacy at times must take a back seat to security, as technology increasingly allows new avenues for terrorism. He regularly pushed back at what he considered was "privacy absolutism" and that civil-liberties protections need to be redesigned for a digital world. 

The Snowden revelations and the metadata debates

In the wake of the 2013 Snowden revelations, which revealed the power and extent of NSA surveillance capabilities to the public, Baker famously said that "metadata absolutely tells you everything about somebody's life. If you have enough metadata, you don't really need content" of a communication.  

The comment was used by defenders of surveillance and its critics because it captured the power of non-content data — which includes call records, time stamps, location and relationships. Security expert and privacy advocate Bruce Schneier detailed the concerns around collecting metadata versus content in a 2015 column, while quoting Baker, adding, "The truth is, though, that the difference is largely illusionary. It's all data about us." 

By 2009, Baker returned to law firm Steptoe & Johnson, where he continued to serve as partner until 2024. In 2013, he started the Cyberlaw Podcast, which advised on national security and technology issues. 

Even after leaving Steptoe, Baker continued his work advising as principal for Stewart Baker Consulting. 

Until the final months of his life, Baker remained engaged in the nation's most contentious surveillance-law debates. Earlier this year, Baker testified before the Senate Judiciary Committee in support of renewing Section 702 of the Foreign Intelligence Surveillance Act, saying that it continues to be a critical intelligence gathering tool, while acknowledging the risk it poses for abuse. 

Baker also spoke at the IAPP Global Summit 30 March in the breakout session, "National Security is Screwing Up My Privacy Program," along with Alston & Bird's Peter Swire, Carnegie Endowment for Peace's Peter Harrell and Cloudflare's Alissa Starzak. 

Stewart Abercrombie Baker was born in Poughkeepsie, New York, 17 July 1947. He obtained his bachelor's degree from Brown University in 1969 and his J.D. from the University of California, Los Angeles School of Law in 1975. 

He clerked for Frank M. Coffin, United States Court of Appeals, First Circuit in 1976. Baker then clerked for Supreme Court Justice John Paul Stevens from 1977-78. 

In 1979, Baker served as deputy general counsel, special assistant to secretary Shirley Hufstedler in the U.S. Department of Education, until joining Steptoe & Johnson in 1981 for his second of several stints at the law firm. 

Baker's death was announced via his account on LinkedIn 2 May, with an outpouring of response from across the community.