Cyberthreat Information Sharing

The public and private sectors need to increasingly declassify and divulge critical information if the U.S. is to set up effective cyberthreat organizations, according to a report released Wednesday by PwC that sets out a blueprint for how those groups could be set up.

That would certainly lead to faster responses to hack attempts—committed by anyone, whether governments foreign or domestic or criminals—and to more efficient hardening against present and future hack attempts.

Unfortunately, FBI Director James Comey has already written off the concept of public sector—at the Federal government level, anyway—cyberthreat sharing.

That’s a very clear indication of what this administration and its potential Progressive-Democrat successor administration think about Government controls.

Government Arrogance Should Disqualify It

…in its case trying to force Apple to disable encryption on its iPhones.

Rather than assist the effort to fully investigate a deadly terrorist attack by obeying this Court’s Order of February 16, 2016, Apple has responded by publicly repudiating that Order…Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation.

Never mind that under free American jurisprudence, Apple is allowed to appeal the lower court’s order to a higher court and to seek relief from complying—irreversibly, mind you—with the lower court’s order until Apple’s appeals are adjudicated. No: Apple disobeyed the high and mighty and must be punished for its impertinence.

Never mind that Apple is rightfully concerned with the sanctity of its customers’ privacy and with the ability of Americans generally to be free of the prying eyes of government. Apple disagrees with the awesome personages of FBI agents, and so it cannot possibly be behaving honestly.

DoJ’s lawyers are projecting their own failings.

Where Apple designed its software and that design interferes with the execution of search warrants, where it manufactured and sold a phone used by an ISIL-inspired terrorist, where it owns and licensed the software used to further the criminal enterprise, where it retains exclusive control over the source code necessary to modify and install the software, and where that very software now must be used to enable the search ordered by the warrant, compulsion of Apple is permissible under New York Telephone Co.

This is plainly, dishonestly specious. Apple designed its software and…manufactured and sold a phone used by…millions of American citizens, where it owns and licensed the software used to further the private affairs of American citizens…. It is plain from the careful construction of the government’s argument that it intends to expand it to pry into all of our private affairs whenever it takes a notion to.

…the Order will facilitate only the FBI’s efforts to search the phone; it does not require Apple to conduct the search or access any content on the phone. Nor is compliance with the Order a threat to other users of Apple products. Apple may maintain custody of the software, destroy it after its purpose under the Order has been served, refuse to disseminate it outside of Apple, and make clear to the world that it does not apply to other devices or users without lawful court orders….

This is deliberately disingenuous. No one is arguing that Apple is being required to conduct the government’s search. Of course compliance with the order is a threat to other users of Apple products: the encryption, once broken or a way once found to bypass entry controls, is permanently and everywhere defeated. The FBI’s IT personnel know this. So do the government’s NSA personnel. Neither can Apple “make clear to the world that it does not apply to other devices or users” without the personnel making such statements being guilty of lying. Breaking an encryption algorithm or producing a way past its entry controls permanently and everywhere destroys the security of that algorithm. “Without lawful court orders” is just as disingenuous, as the second quote above demonstrates.

Apple is not above the law in that regard….

[M]arketing or general policy concerns are not legally cognizable objections to the Order…. This Court should not entertain an argument that fulfilling basic civic responsibilities of any American citizen or company—complying with a lawful court order—could be obviated because that company prefers to market itself as providing privacy protections….

Neither is the government above the law, and these government lawyers know full well that Apple is engaging in purely legal, solely legal, behavior in appealing the court’s order. That this is inconvenient to the government’s lawyers is their problem. Furthermore, here are the government’s lawyers repeating their reprehensible, not to say unethical, claims that because Apple is so impertinent as to dispute with them, Apple cannot possibly be acting entirely honorably and entirely out of valid concerns for Americans’ privacy—especially when that privacy is at risk of so blatantly arrogant and overreaching a government as this one is presenting itself to be.

The government’s case should be dismissed in its entirety and with prejudice over this arrogance.

Security Tradeoffs

Here’s one.

A federal judge has ordered Apple Inc to provide software to the Justice Department to help it unlock a phone used by one of the suspects in the San Bernardino, CA, terror attack because investigators suspect the device may hold critical details of the plotting behind the mass murder.

The government’s justification is this:

Law-enforcement agencies say companies such as Apple make it harder to solve crimes including terrorist attacks, child abuse and murder by putting security measures on phones that make it difficult or impossible for investigators to open them and examine data inside.

That’s an entirely valid concern.

The problem, though, is that forcing a back door into citizens’ communications encryption utterly destroys citizens’ privacy and security. There’s nothing to prevent Government from abusing that back door to engage in snooping on general principles and then actively and maliciously snooping in order to preserve the power of the men then in Government. The lawlessness of the present administration demonstrates that progression.

Of immediate effect, though, is that a backdoor for Government is a backdoor for hackers, whether these be script kiddies, terrorist hackers, financial or identity theft hackers, or any other sort.

The privacy and the security of our private identities, of our finances, of our health records, of any aspect of our lives we find useful to protect from prying eyes are critical to our ability to engage with our neighbors and our businesses and our government free from threats or attack.

The privacy of our communications, the security of our speech, must absolutely be preserved. There is no security at all without our individual liberties, of which speech is one, held secure.

“Law-enforcement agencies” and this Federal judge know this full well. And they know full well the truth of Apple CEO Tim Cook’s statement in his letter posted to Apple’s Web site:

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack.

Gross Incompetence?

As if we needed another reason to disband the Department of Education (see its Dear Colleague letter for an example of its gross dishonesty), here’s another, of utter failure to perform. DoE isn’t taking care of its digital data.

The Education Department doesn’t hold nuclear launch codes. But its vast data trove on student-loan borrowers and their parents—and the nearly $100 billion it disburses in new loans every year—are reason enough to want the bureaucrats to prevent digital intrusions. ….
The stakes go well beyond personal privacy. Federal student loans outstanding exceed $1 trillion, and Team Obama is trying to forgive those debts. It would add injury to injury if cyber-fraudsters were able to pile on for a taxpayer plundering.

It isn’t a matter of an isolated error, even a serious one, which can happen in any large enterprise, either.

Department of Education Inspector General Kathleen Tighe reported in November that her team has been “finding the same deficiencies over and over again” regarding information security. Since 2009 independent auditors “have found persistent IT control deficiencies in key financial systems,” she said.

For six years, auditors have found persistent DoE IT failure. This is not an inability to achieve perfection in personal digital data handling; this is a conscious and deliberate refusal to bother.

We don’t need a Federal government Department of this sort. Not at all.

Personal Secrecy vs National Security

The latest batch of 3,105 emails includes 275 documents upgraded to “classified” since they landed in the former Secretary’s personal inbox. That brings the total number of classified docs found in the emails to 1,274. A State Department official told Fox News on Thursday that two of those emails were upgraded to “secret,” while most of the others were upgraded to “confidential.”

Because Democratic Party Presidential candidate and then-Secretary of State Hillary Clinton’s desire to keep her doings in our name as a Cabinet Secretary secret was more important than our national security.

We don’t need four more years of this from within the White House.