When Homeland Security Secretary Jeh Johnson arrived in San Francisco for one of the world’s largest technology conferences, it was almost like a foreign emissary entering enemy territory.
The epicenter of the country’s technology community has been openly hostile toward its government ever since whistleblower-turned-fugitive Edward Snowden revealed two years ago the National Security Agency was collecting troves of Americans’ communications records and hacking into the Internet backbone. Mr. Johnson had arrived at the RSA Conference, an annual gathering of thousands of influential cybersecurity professionals, with an olive branch. He sought to encourage collaboration between Washington and the nation’s tech industry, including by announcing a new Homeland Security office to work with what he called “friends” in Silicon Valley.
But it wasn’t just the long shadow of the Snowden revelations that Johnson had to overcome. Another battle between the Obama administration and the tech community was just beginning to heat up, as senior US officials called on major tech companies such as Apple and Google to weaken encryption technology so that law enforcement and national security agencies have easier access to their customers’ data.
After the Snowden leaks, those companies moved to deploy stronger default encryption on products such as the iPhone or Android operating system, sparking the ire of national security officials.
“Encryption is making it harder for your government to find criminal activity, and potential terrorist activity,” Johnson told the conference in late April, echoing National Security Agency chief Adm. Mike Rogers and FBI Director James Comey, who want companies to build into their products a secure channel for the US government to access the encrypted data. “We need your help to find the solution,” Johnson said.
However, to an audience of security professionals whose careers depend entirely on their ability to secure software and hardware products — and whose fervor for protecting them from criminal hackers borders on religious — Johnson’s call for cooperation was pure heresy. To them, purposefully building in what they see as a vulnerability into otherwise strong security measures so someone, even the US government, can more easily access people’s information is anathema.
The article gives a thorough overview of the current and future outlook on the issue – well worth your time.
We might mention here that while the government will scream and holler that they must have back doors to all encryption, they’re really just engaged in an elaborate show of misdirection: the OPM hack — the first one that we know about so far — is proof positive that the Feds’ systems are insecure, have been for decades and will probably take decades to successfully catch/patch up…if that’s even possible.
And the Feds are not alone – a 2012 paper describes the state of all Linux devices on the internet (to include “things”) as being wide open. That is, no one even bothers to secure the most basic stuff, much less the C&C infrastructure. And, yes, that includes you and your grandma.
And as we have mentioned before the NSA long ago hacked the Dual_EC_DRBG, which is one of four random number generators used for encryption in the NIST standard…which was adopted by nearly all major commercial software packages. So in other words, that encryption that came with your software? Yeah, not so much (at least to the NSA.)
So let’s review: NSA front-doored the majority of all encryption, which no one uses because…time consuming! So the alphabet agencies are already reading nearly 98% of all internet traffic. It’s that niggling last 2% that bothers them. Or, put another way, all those fucking hipsters with their iPhones that the NSA doesn’t have the secret keys for.
Well, fuck ’em, I say: go Apple! And everybody else who won’t play the Feds’ game.