Wednesday, April 1, 2015

Encryption and the Politics of Confusion

Encryption and the Politics of Confusion

Posted by on in Smart Encryption 
     

A couple of elected officials are finally learning about encryption. In the process, they’ve unleashed resolutions that are sometimes comical and more often chilling.
b2ap3_thumbnail_Aderholt_encryption_iPhone_CSPAN.jpg
No, encryption did not start with the iPhone: Rep. Robert Aderholt discusses data security with the FBI during a March subcommittee hearing.
A House of Representatives appropriations subcommittee recently chatted about crypto in a friendly session on a multi-million-dollar budget boost request by FBI Director James Comey. Rep. Robert Aderholt (R-Ala.) flashed his iPhone and talked about its tools as if it is the first device to ever have encryption. Later, he hinted at China’s savvy in asking Apple and others device makers for their own set of encryption keys for everything. Rep. Chaka Fattah (D-Pa.) said the subcommittee could find a balance between privacy and the dire needs of law enforcement by deferring to the “wisdom of Solomon” in insight from a judge. In a wishy-washy contribution, Rep. Mike Honda (D-Calif.) presented little insight from his Silicon Valley constituency. Rep. John Carter (R-Texas), a judge, conceded he knew little on the technological challenges of the instituting or accessing all encryption keys, though summarized that it creates the “perfect tool for lawlessness.”
Comey, a stated curmudgeon about advances in encryption, likened encryption to the world’s only impenetrable safe (where he’s not completely off) and invoked a hypothetical scenario where a crying mother castigated him for his inability to access a phone to find her missing daughter. Congressional head nodding ensued, especially after Comey later indicated this “hard” situation would be best solved by “a legislative fix.”
We don’t expect our elected officials to master every aspect of our lives and making sure American’s stay safe tends to rest atop their tasklist. As they discuss and occasionally bumble through the details of encryption keys and device protection, it’s hard for security providers (and anyone who’s used PGP over the last few decades) to keep from cringing at the possible government outcomes. It goes right to the top, too, as President Obama has recently dipped his toe in the cloudy waters of encryption as it relates to tech, privacy, protection and terror.
Absent from the recent subcommittee discussion were notions from business or even data security providers about the benefits to security, privacy and lawful protection already in use. And when the applause died down from Obama’s State of the Union declarations, most of the most important business, technology and private security voices did not join him at the microphone in his subsequent cybersecurity shindig. Maybe burned by snooping disclosures or uncertain how to move ahead, these leaders of private industry – who spend a good portion of their time working out ways to prevent breaches and protect information – seem to be left as passive or complicit partners when it comes to encryption. Couldn’t this instead be a moment for government to trust CIOs and the Googles of this country for a creative, secure way forward? (We explored a few of those angles in our latest episode of “Thieves, Snoops and Idiots.”)
Congressional and government leaders have shown there is a significant learning curve over existing technological capabilities and the extent of the law. More directly as it relates to our personal conversations and billions of daily business transactions, elected officials see an answer in more legislation, compliance and backdoors. Before Obama or Aderholt dive into a copy of “Cryptography for Dummies” to solve this problem, he and his colleagues would be well-served to truly invite technological and business partners into the conversation on paths to potentially expand security and protection.
Last modified on

1 comment:

  1. This is the nice post and this post is really appreciable and informatics .I like this post too much. IT security certification

    ReplyDelete