In a speech given at the world’s largest cybersecurity conference, DHS Secretary Jeh Johnson cited the need for public-private cooperation on overcoming the privacy challenges posed by encryption.
Speaking at the RSA Conference 2015 in San Francisco, Ca. on Monday, Secretary Johnson said:
“Today I am pleased to announce that the Department of Homeland Security is also finalizing plans to open up a satellite office in Silicon Valley… We want to strengthen critical relationships in Silicon Valley and ensure that the government and the private sector benefit from each other’s research and development.”
Building in-roads with security experts has been a top priority for the Obama administration which, in February 2015, issued an executive order “encouraging” information-sharing between government and private organizations. Much of the work of DHS is directed at preventing and defending against cyber attacks from criminal and state-sponsored hackers. The National Cybersecurity and Communications Integration Center, or NCCIC, received 97,000 incident reports from private and government organizations in FY2014.
Secretary Johnson’s mission in San Francisco was to further develop relationships with top cybersecurity experts.
“My message to you today is this: government does not have all the answers or all the talent. Cybersecurity must be a partnership between government and the private sector. We need each other, and we must work together. There are things government can do for you, and there are things we need you to do for us.”
Defeating encryption is a priority for DHS, as well.
“The Department of Homeland Security has both the cybersecurity mission and a law enforcement/counterterrorism mission for the American people. We have feet in both camps,” Secretary Johnson said. “The current course we are on, toward deeper and deeper encryption in response to the demands of the marketplace, is one that presents real challenges for those in law enforcement and national security.”
His bottom line: “Our inability to access encrypted information poses public safety challenges.” The irony is that the increased interest in and use of encryption is a direct result of the US Government violating the privacy of its citizens.
In a 1998 revised white paper, cybersecurity expert Bruce Schneier wrote about the potential for government intrusion into private technology through making available encryption keys, stating:
A variety of “key recovery,” “key escrow,” and “trusted third-party” encryption requirements have been suggested in recent years [again, written in 1998] by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies.
A DHS office in Silicon Valley, ostensibly for the purposes of fighting cyber crime, would give a burgeoning police state better opportunities to coerce companies into submission or incentivize building backdoors into software and hardware, which is already a known practice. Cooperation to fight cybercrime is one thing; collaboration to violate privacy is another. And given this administration’s track record on corruption and targeting its political opponents, why would we ever trust public-private partnership over a technology as privacy-enabling as encryption?
We wouldn’t. And unfortunately, this office is another step in the direction of increasing DHS authority where it doesn’t belong.