SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
Government Wants to Improve Its Cybersecurity and Weaken Ours
Jun 24, 2015
Since the most successful hack launched against government servers compromised the personal information of more than 4.2 million government employees, the government has been scrambling to prevent it from happening again.
On June 4, the Office of Personnel Management announced it had been hacked, and officials have speculated that Chinese sources are to blame.
With FBI officials concerned about their ability to defend national security, FBI Director James Comey has called on companies such as Apple and Google to build "back doors" into encryption to protect user information from hacks but allow government agencies to access the data.
The main problem with Comey's request is that there is no feasible way to create a back door to encryption for government access without making it susceptible to hacks from other sources. An open window is an open window, explained Bill Buddington, a software engineer for the Electronic Frontier Foundation.
"If history serves as any lesson, we know that once there's a back door for one government agency, then it's not a far jump to see that that back door is also accessible to others--to hackers and to malicious third parties," Buddington told Truthdig. "There's no way to build a back door so the government can get access to your device and no one else can," he said. An ironic aspect of this situation is that President Obama has criticized countries like China for proposing to make U.S. companies hand over encryption keys in the name of fighting terrorism.
According to Buddington, the FBI's own website used to recommend that citizens use encryption, because the agency knew that that added safeguard would help protect their information. Now, since the surveillance state has ramped up, the agency wants to make sure it can access any data it deems necessary to access. Even though the FBI can still perform targeted surveillance operations and get warrants to access this data, Buddington notes, it wants more options for retrieving intel.
As Johns Hopkins cryptography professor Matthew Green has stated, forcing companies such as Google and Apple to break their own encryption will do absolutely nothing to prevent terrorism. "You could strangle the whole U.S. tech industry, and ISIS would *still* be able to communicate with their followers using encryption," he tweeted in early June. Essentially, companies dealing with the data of ordinary U.S. citizens and employees would be wide open to hacks, while the people the FBI wants to go after would still just use encryption by other means. Even if encryption was made entirely illegal, there's little reason to believe terrorists would be afraid of breaking the law.
Beyond that, there is reason to believe that the data of more than 300 million people who don't work for the federal government could be extremely valuable to foreign entities. "If there are foreign governments that find value in getting U.S. government employee data, then there is no reason they'd stop [going after civilian data]," Buddington notes. He said a government that opposes the United States could do a lot with the metadata of U.S. citizens. "To see who is talking to whom, who is communicating with whom and who's meeting--these kind of diverse interactions are the bread and butter of intelligence-gathering more generally for nation-states," he said. "To know the movements of populations is to know how information flows more generally, and that can affect foreign policy decisions and national security decisions."
Malicious governments or other entities could collect all the information they want and then dive in to look for specific patterns or interactions. Information such as financial data, for example, could be of value to many hackers. What is thought to be the biggest bank heist ever involved more than 100 banks in 30 nations that were hacked by a cybercrime gang, and it is believed well over $300 million was lost--and possibly as much as $1 billion.
Buddington and other experts say citizens and government agencies should be encrypting all communications and data. As for the government's cybersecurity, Buddington says the technology it's using is antiquated and needs to be replaced to respond to evolving threats. He said the government also needs more cybersecurity experts at every level to advise those who may not know how to protect themselves. Keeping government data protected is important, but the country isn't any safer if only its leaders are out of the line of fire, he notes.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
Since the most successful hack launched against government servers compromised the personal information of more than 4.2 million government employees, the government has been scrambling to prevent it from happening again.
On June 4, the Office of Personnel Management announced it had been hacked, and officials have speculated that Chinese sources are to blame.
With FBI officials concerned about their ability to defend national security, FBI Director James Comey has called on companies such as Apple and Google to build "back doors" into encryption to protect user information from hacks but allow government agencies to access the data.
The main problem with Comey's request is that there is no feasible way to create a back door to encryption for government access without making it susceptible to hacks from other sources. An open window is an open window, explained Bill Buddington, a software engineer for the Electronic Frontier Foundation.
"If history serves as any lesson, we know that once there's a back door for one government agency, then it's not a far jump to see that that back door is also accessible to others--to hackers and to malicious third parties," Buddington told Truthdig. "There's no way to build a back door so the government can get access to your device and no one else can," he said. An ironic aspect of this situation is that President Obama has criticized countries like China for proposing to make U.S. companies hand over encryption keys in the name of fighting terrorism.
According to Buddington, the FBI's own website used to recommend that citizens use encryption, because the agency knew that that added safeguard would help protect their information. Now, since the surveillance state has ramped up, the agency wants to make sure it can access any data it deems necessary to access. Even though the FBI can still perform targeted surveillance operations and get warrants to access this data, Buddington notes, it wants more options for retrieving intel.
As Johns Hopkins cryptography professor Matthew Green has stated, forcing companies such as Google and Apple to break their own encryption will do absolutely nothing to prevent terrorism. "You could strangle the whole U.S. tech industry, and ISIS would *still* be able to communicate with their followers using encryption," he tweeted in early June. Essentially, companies dealing with the data of ordinary U.S. citizens and employees would be wide open to hacks, while the people the FBI wants to go after would still just use encryption by other means. Even if encryption was made entirely illegal, there's little reason to believe terrorists would be afraid of breaking the law.
Beyond that, there is reason to believe that the data of more than 300 million people who don't work for the federal government could be extremely valuable to foreign entities. "If there are foreign governments that find value in getting U.S. government employee data, then there is no reason they'd stop [going after civilian data]," Buddington notes. He said a government that opposes the United States could do a lot with the metadata of U.S. citizens. "To see who is talking to whom, who is communicating with whom and who's meeting--these kind of diverse interactions are the bread and butter of intelligence-gathering more generally for nation-states," he said. "To know the movements of populations is to know how information flows more generally, and that can affect foreign policy decisions and national security decisions."
Malicious governments or other entities could collect all the information they want and then dive in to look for specific patterns or interactions. Information such as financial data, for example, could be of value to many hackers. What is thought to be the biggest bank heist ever involved more than 100 banks in 30 nations that were hacked by a cybercrime gang, and it is believed well over $300 million was lost--and possibly as much as $1 billion.
Buddington and other experts say citizens and government agencies should be encrypting all communications and data. As for the government's cybersecurity, Buddington says the technology it's using is antiquated and needs to be replaced to respond to evolving threats. He said the government also needs more cybersecurity experts at every level to advise those who may not know how to protect themselves. Keeping government data protected is important, but the country isn't any safer if only its leaders are out of the line of fire, he notes.
Since the most successful hack launched against government servers compromised the personal information of more than 4.2 million government employees, the government has been scrambling to prevent it from happening again.
On June 4, the Office of Personnel Management announced it had been hacked, and officials have speculated that Chinese sources are to blame.
With FBI officials concerned about their ability to defend national security, FBI Director James Comey has called on companies such as Apple and Google to build "back doors" into encryption to protect user information from hacks but allow government agencies to access the data.
The main problem with Comey's request is that there is no feasible way to create a back door to encryption for government access without making it susceptible to hacks from other sources. An open window is an open window, explained Bill Buddington, a software engineer for the Electronic Frontier Foundation.
"If history serves as any lesson, we know that once there's a back door for one government agency, then it's not a far jump to see that that back door is also accessible to others--to hackers and to malicious third parties," Buddington told Truthdig. "There's no way to build a back door so the government can get access to your device and no one else can," he said. An ironic aspect of this situation is that President Obama has criticized countries like China for proposing to make U.S. companies hand over encryption keys in the name of fighting terrorism.
According to Buddington, the FBI's own website used to recommend that citizens use encryption, because the agency knew that that added safeguard would help protect their information. Now, since the surveillance state has ramped up, the agency wants to make sure it can access any data it deems necessary to access. Even though the FBI can still perform targeted surveillance operations and get warrants to access this data, Buddington notes, it wants more options for retrieving intel.
As Johns Hopkins cryptography professor Matthew Green has stated, forcing companies such as Google and Apple to break their own encryption will do absolutely nothing to prevent terrorism. "You could strangle the whole U.S. tech industry, and ISIS would *still* be able to communicate with their followers using encryption," he tweeted in early June. Essentially, companies dealing with the data of ordinary U.S. citizens and employees would be wide open to hacks, while the people the FBI wants to go after would still just use encryption by other means. Even if encryption was made entirely illegal, there's little reason to believe terrorists would be afraid of breaking the law.
Beyond that, there is reason to believe that the data of more than 300 million people who don't work for the federal government could be extremely valuable to foreign entities. "If there are foreign governments that find value in getting U.S. government employee data, then there is no reason they'd stop [going after civilian data]," Buddington notes. He said a government that opposes the United States could do a lot with the metadata of U.S. citizens. "To see who is talking to whom, who is communicating with whom and who's meeting--these kind of diverse interactions are the bread and butter of intelligence-gathering more generally for nation-states," he said. "To know the movements of populations is to know how information flows more generally, and that can affect foreign policy decisions and national security decisions."
Malicious governments or other entities could collect all the information they want and then dive in to look for specific patterns or interactions. Information such as financial data, for example, could be of value to many hackers. What is thought to be the biggest bank heist ever involved more than 100 banks in 30 nations that were hacked by a cybercrime gang, and it is believed well over $300 million was lost--and possibly as much as $1 billion.
Buddington and other experts say citizens and government agencies should be encrypting all communications and data. As for the government's cybersecurity, Buddington says the technology it's using is antiquated and needs to be replaced to respond to evolving threats. He said the government also needs more cybersecurity experts at every level to advise those who may not know how to protect themselves. Keeping government data protected is important, but the country isn't any safer if only its leaders are out of the line of fire, he notes.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.