RSA attendees hoping for a fight over encryption during Thursday’s keynotes left disappointed: Even former DHS Secretary Michael Chertoff and former Director of National Intelligence Mike McConnell support Apple’s position against the FBI, and encryption in general.
Apple, McConnell went so far as to argue, is “protecting America’s ability to be competitive in the rest of the world.”
Such was the general consensus of the assembled panelists comprising “Beyond Encryption: Why We Can’t Come Together on Security and Privacy—and the Catastrophes That Await If We Don’t,” an ironically titled keynote panel here in San Francisco. Also populated by Center for Democracy and Technology head Nuala O’Connor, CIPP/G, CIPP/US, and IAPP head Trevor Hughes, CIPP, the privacy and security representatives in this case were very much of one mind: Encryption is a vital part of securing the future and must not be compromised.
Chertoff and O’Connor even combined to make an extended analogy to the Revolutionary War. Chertoff suggested that, since the government is essentially enlisting the private sector in the cyber war, that encryption is akin to the muskets that militiamen used to fight off the British in Lexington and Bunker Hill. O’Connor offered that the U.S. government has basically become British army Redcoats, marching in formation to fight a cyber battle where the opponents are using revolutionary guerilla tactics.
“We do not have a 21st century law enforcement force,” she said. “We are behind in our national security efforts. The answer isn’t to blur the lines between private and public data. It’s to train and educate law enforcement and have them do the best they can and make sure they’ve got the intellectual capital they need.”
Referring specifically to the Apple-FBI case, O’Connor in particular was pointed: Apple being forced to crack that phone “creates a world that we do not want to live in.”
But Chertoff was only slightly less direct. Apple complying with the FBI “would require Apple to create code and maintain the code in a way that would increase the risk of that getting out. And once you’ve created that code, it’s like a bacterial weapon. You’re always worried about it getting out of the lab.”
The panel also agreed that the matter of whether a company should be asked to do what Apple is being asked to do is not a matter that should be decided by one court in one case. It’s a matter for the legislature, they said, and McConnell was encouraged by Congress’s call for a commission of experts to examine the issue.
He recalled the first time he testified on the Hill in regard to cybersecurity. “Most of the committee was in their 70s,” he said, “and I’m in my 70s now so I can say this. They said, ‘Cybersecurity? I’ve still got that green light blinking on my VCR!’ … Members of Congress are mostly like people at large; by and large the public is not informed on this issue. We need to have an informed dialogue in order to have a more engaged dialog. I won’t be proscriptive in what the answer is. I just think the process needs to happen.”
And while some have called for a rapid solution to this “problem,” the IAPP’s Hughes said, “I don’t think we’ll ever get it fully sorted out. Technology will continue to change our expectations of privacy.” That’s why society needs to continue to engage in discussion and negotiation, he said, to continue to adjust the dials on privacy the way society has for countless generations. “Every new technology changes the context of privacy in society and generates the need for a resetting of privacy norms,” he said.
In the 1890s, it was portable photography. Today, it’s encryption. Tomorrow it will be some other technology that changes the way people think about their private space.
One thing’s clear, though, the panelists agreed: Setting privacy and security at odds with each other is a false, and pointless, premise. “Security without privacy is protecting an empty treasure chest,” said Chertoff. “We need to view these as complementary and not contradictory challenges.”
If you want to comment on this post, you need to login.