In a post-9/11 world, the U.S. government has continuously waged war on the systems that InfoSec professionals use. From encryption to firewalls, agencies such as the NSA and the FBI have pushed the civil liberties of Americans aside, while at the same time endangering cybersecurity for all. Once again, the debate over encryption and how the government can access it is back in the news thanks to FBI Director James Comey.
In a recent statement, Comey asked for what he deemed an “adult conversation” on end-to-end encryption in digital devices much like the iPhone used by San Bernardino shooter Syed Farook. This statement took place at a symposium organized by Symantec, and James Comey more or less reiterated the same mantra taken in the Apple case. The FBI director stated end-to-end encryption is “making more and more of the room that we are charged to investigate dark” and that “we need to understand in the FBI, how is this exactly affecting our work, and then share that with folks.”
In essence, Comey is advocating for encryption to not do its job, namely so federal agencies can investigate anyone at any time. He may not have said that, but history is a cruel reminder that this is ultimately what he means. In the Apple case, the FBI wanted a master key that would allow unbridled access to Syed Farook’s phone, a master key that would be abused not only by the government, but likely cyber criminals as well.
The “adult conversation” that the FBI director is looking for is ultimately one that allows for more backdoor installation and broken encryption in order for “justice” to prevail. As he stated, “The people of the United States — through judges and law enforcement — can invade our private spaces.” Funny wording if I do say so myself. The people of the United States are being invaded by law enforcement, and yet somehow Comey is making it seem like we authorize this.
What James Comey, and the rest of the federal government (as proven by the NSA data collection program), want is for cybersecurity professionals to not do their jobs. They want us to install software that allows spying 24/7 without a warrant, something Silicon Valley heavy-hitters have complied with in the past. This isn’t about the highest branches of law enforcement having an “adult conversation” with the InfoSec community and the general populace; this is about telling us that our rights and jobs do not matter. This is about undermining all of the hard work those in the cyber community do to keep information safe.
As I stated in my article Modern cryptographic methods: their flaws, their subsequent solutions, and their outside threats, “I realize that there are legitimate threats to national security that must be dealt with. The problem is, simply put, that we are setting a dangerous precedent.” This precedent initially was pursued in a more legal fashion until, as stated by Homeland Security News Wire, “federal authorities have found technical measures which allow them to access encrypted digital devices without the help of the maker, and after the White House decided last year not to seek a legislative resolution.”
The fact that Symantec hosted the symposium at which FBI Director Comey gave this address raises alarm bells with me. Is the security industry — namely its major players such as Symantec — forgetting the mission that they are tasked with? To welcome a system with open arms that seeks to destroy the very fabric of advances in cryptography is a foolish game to play. Until the FBI, NSA, and CIA realize that cybersecurity professionals have an ethical mission to protect data, prolonged dialogue with the government simply will not be the rational thing to do.