Cybersecurity: Beware Untrustworthy Partners

Before the ink had time to dry on his February 12 executive order “promoting private sector cybersecurity information sharing,” US president Barack Obama launched a campaign to re-write history and make the case for trusting government to bolster network security and data privacy.

“The Snowden disclosures,” Obama told Re/code’s Kara Swisher in an interview the next day, “were really harmful in terms of the trust between the government and many of these companies.”

Well, no. It was the government — Obama’s administration and its predecessors — which betrayed the trust of American enterprise, the American people and the world. Edward Snowden is a mere heroic messenger, telling us what we should have already known: that any such trust was misplaced.

The executive order itself raises two key questions: Does Obama not understand network security and data privacy issues? Or is he insincere in his claims to want improved network security and data privacy?

The obvious answer, based on decades of experience, is yes to both questions. Obama’s assurances, “with almost complete confidence, that there haven’t been abuses on US soil,” don’t pass the laugh test.

The US intelligence community has a long history of doing its best to hobble communications security, going back at least as far as 1977’s “Federal Information Processing Standard,” adopted only after the National Security Agency talked IBM into hobbling its Data Encryption Algorithm to make it more vulnerable to the kinds of brute force attacks that NSA could bring to bear.

As the 20th century drew to a close, NSA fought losing rear-guard actions to prevent widespread access to and adoption of strong cryptography. Among the Snowden revelations was that coming out of that period, NSA took its efforts to a stealthier level, spending billions to subvert the crypto they couldn’t stop. For example, we learned that a leading encryption company (RSA) worked at NSA’s behest to “[i]nsert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets.”

Anyone who believes that these efforts stopped at any point, don’t continue to this very day, or won’t continue into the foreseeable future is living in a fantasy world. The US government always has been, and remains, the single worst global and domestic threat to network security and data privacy. Those two laudable goals are inherently incompatible with trust in Barack Obama or the organization he represents.

If American politicians want real privacy/cybersecurity reforms, here are some suggestions:

First, dismantle the Department of Homeland Security, drastically cut the budgets of US intelligence agencies, and levy draconian penalties for rogue operations targeting Americans for any reason or foreign “cyber warfare” operations absent a congressional declaration of war.

Secondly, repeal the US PATRIOT Act, “Know Your Customer” rules, and other laws putting personal and business information at risk by requiring its transmission to government.

Finally, forbid government interference or “consultation” in development of private sector encryption standards or algorithms.

That would be a start. Anything less is mere theater.

Thomas L. Knapp is director and senior news analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism (thegarrisoncenter.org). He lives and works in north central Florida.
