Encryption and Safety

Senators Richard Burr (R, NC) and Dianne Feinstein (C, CA), in their op-ed in The Wall Street Journal, demonstrated their lack of understanding of the relationship between security and safety.  Their piece’s title, Encryption Without Tears, illustrates their basic misunderstanding of the inherent tension between the two, here encryption and safety.

In an increasingly digital world, strong encryption of devices is needed to prevent criminal misuse of data.  But technological innovation must not mean placing individuals or companies above the law.

Neither can technological backdoors be allowed to place government above the law.

Cyberthreat Information Sharing

The public and private sectors need to increasingly declassify and divulge critical information if the U.S. is to set up effective cyberthreat organizations, according to a report released Wednesday by PwC that sets out a blueprint for how those groups could be set up.

That would certainly lead to faster responses to hack attempts—committed by anyone, whether governments foreign or domestic or criminals—and to more efficient hardening against present and future hack attempts.

Unfortunately, FBI Director James Comey has already written off the concept of public sector—at the Federal government level, anyway—cyberthreat sharing.

Government Arrogance Should Disqualify It

…in its case trying to force Apple to disable encryption on its iPhones.

Rather than assist the effort to fully investigate a deadly terrorist attack by obeying this Court’s Order of February 16, 2016, Apple has responded by publicly repudiating that Order…Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation.

Security Tradeoffs

Here’s one.

A federal judge has ordered Apple Inc to provide software to the Justice Department to help it unlock a phone used by one of the suspects in the San Bernardino, CA, terror attack because investigators suspect the device may hold critical details of the plotting behind the mass murder.

The government’s justification is this:

Law-enforcement agencies say companies such as Apple make it harder to solve crimes including terrorist attacks, child abuse and murder by putting security measures on phones that make it difficult or impossible for investigators to open them and examine data inside.

Gross Incompetence?

As if we didn’t need another reason to disband the Department of Education (see its Dear Colleague letter for an example of its gross dishonesty), here’s another, of utter failure to perform. DoE isn’t taking care of its digital data.

The Education Department doesn’t hold nuclear launch codes. But its vast data trove on student-loan borrowers and their parents—and the nearly $100 billion it disburses in new loans every year—are reason enough to want the bureaucrats to prevent digital intrusions. ….
The stakes go well beyond personal privacy. Federal student loans outstanding exceed $1 trillion, and Team Obama is trying to forgive those debts. It would add injury to injury if cyber-fraudsters were able to pile on for a taxpayer plundering.

Personal Secrecy vs National Security

The latest batch of 3,105 emails includes 275 documents upgraded to “classified” since they landed in the former Secretary’s personal inbox. That brings the total number of classified docs found in the emails to 1,274. A State Department official told Fox News on Thursday that two of those emails were upgraded to “secret,” while most of the others were upgraded to “confidential.”

Because Democratic Party Presidential candidate and then-Secretary of State Hillary Clinton’s desire to keep her doings in our name as a Cabinet Secretary were more important than our national security.

We don’t need four more years of this from within the White House.

Another Thought on Encryption

Apple’s Tim Cook had one [emphasis added].

On your iPhone, there’s likely health information, there’s financial information. There are intimate conversations with your family or your co-workers. There’s probably business secrets, and you should have the ability to protect it. And the only way we know how to do that is to encrypt it. Why is that? It’s because, if there’s a way to get in, then somebody will find the way in. There have been people that suggest that we should have a back door. But the reality is, if you put a back door in, that back door’s for everybody, for good guys and bad guys.

Maybe It’s Time

Banks fear a growing number of employees are unwittingly exposing valuable information to hackers or in some cases leaving digital clues that make a breach possible.

And

Several banks are also increasingly testing whether their employees unintentionally leave them susceptible to hackers by falling prey to “spear-phishing” attempts, in which criminals lure recipients to click on links.

And

Weeks after JP Morgan Chase & Co was hit with a massive data breach that exposed information from 76 million households, the country’s biggest bank by assets sent a fake phishing email as a test to its more than 250,000 employees. Roughly 20% of them clicked on it, according to people familiar with the email.

Encryption and Backdoors

Senator Dianne Feinstein (D, CA) wants (this is old news) a means for Government to read our private communications, most especially those we’ve chosen to encrypt. She wants Government to be able to penetrate that encryption, via, perhaps, a backdoor.

I think that Silicon Valley has to take a look at their products. [I]f you create a product that allows evil monsters to communicate in this way,…that is a big problem.

They have apps to communicate on, which cannot be pierced even with a court order[.]

On the one hand, perhaps hammers and screwdrivers should be Government controlled—they get used by evil monsters to commit mayhem.

Apology and Action

I would like to publicly renew my apology for this breach of trust and affirm my commitment to restoring it[.]

That’s what Secret Service Director Joseph Clancy said to a joint session of the House and Senate Homeland Security committees. The hearing focused on the Secret Service’s illegal search of Congressman Jason Chaffetz’ (R, UT) background. He also told the session that “dozens were being disciplined.” That discipline is limited to some agents—who are getting a whole 3-12 days of suspension—while no supervisors have been sanctioned.

We don’t even get to know who these few wrist-slappees are.