Government Wants to Improve Its Cybersecurity and Weaken Ours
Since the most successful hack ever launched against government servers compromised the personal information of more than 4.2 million government employees, the government has been scrambling to prevent it from happening again.
On June 4, the Office of Personnel Management announced it had been hacked, and officials have speculated that Chinese sources are to blame.
With FBI officials concerned about their ability to defend national security, FBI Director James Comey has called on companies such as Apple and Google to build “back doors” into encryption to protect user information from hacks but allow government agencies to access the data.
The main problem with Comey’s request is that there is no feasible way to create a back door to encryption for government access without making it susceptible to hacks from other sources. An open window is an open window, explained Bill Buddington, a software engineer for the Electronic Frontier Foundation.
“If history serves as any lesson, we know that once there’s a back door for one government agency, then it’s not a far jump to see that that back door is also accessible to others—to hackers and to malicious third parties,” Buddington told Truthdig. “There’s no way to build a back door so the government can get access to your device and no one else can,” he said. An ironic aspect of this situation is that President Obama has criticized countries like China for proposing to make U.S. companies hand over encryption keys in the name of fighting terrorism.
We Interrupt This Article with an Urgent Message!
Common Dreams is a not-for-profit news service. All of our content is free to you - no subscriptions; no ads. We are funded by donations from our readers.
Our critical Mid-Year fundraiser is going very slowly - only 1,024 readers have contributed so far. We must meet our goal before we can end this fundraising campaign and get back to focusing on what we do best.
According to Buddington, the FBI’s own website used to recommend that citizens use encryption, because the agency knew that that added safeguard would help protect their information. Now, since the surveillance state has ramped up, the agency wants to make sure it can access any data it deems necessary to access. Even though the FBI can still perform targeted surveillance operations and get warrants to access this data, Buddington notes, it wants more options for retrieving intel.
As Johns Hopkins cryptography professor Matthew Green has stated, forcing companies such as Google and Apple to break their own encryption will do absolutely nothing to prevent terrorism. “You could strangle the whole U.S. tech industry, and ISIS would *still* be able to communicate with their followers using encryption,” he tweeted in early June. Essentially, companies dealing with the data of ordinary U.S. citizens and employees would be wide open to hacks, while the people the FBI wants to go after would still just use encryption by other means. Even if encryption was made entirely illegal, there’s little reason to believe terrorists would be afraid of breaking the law.
Beyond that, there is reason to believe that the data of more than 300 million people who don’t work for the federal government could be extremely valuable to foreign entities. “If there are foreign governments that find value in getting U.S. government employee data, then there is no reason they’d stop [going after civilian data],” Buddington notes. He said a government that opposes the United States could do a lot with the metadata of U.S. citizens. “To see who is talking to whom, who is communicating with whom and who’s meeting—these kind of diverse interactions are the bread and butter of intelligence-gathering more generally for nation-states,” he said. “To know the movements of populations is to know how information flows more generally, and that can affect foreign policy decisions and national security decisions.”
Malicious governments or other entities could collect all the information they want and then dive in to look for specific patterns or interactions. Information such as financial data, for example, could be of value to many hackers. What is thought to be the biggest bank heist ever involved more than 100 banks in 30 nations that were hacked by a cybercrime gang, and it is believed well over $300 million was lost—and possibly as much as $1 billion.
Buddington and other experts say citizens and government agencies should be encrypting all communications and data. As for the government’s cybersecurity, Buddington says the technology it’s using is antiquated and needs to be replaced to respond to evolving threats. He said the government also needs more cybersecurity experts at every level to advise those who may not know how to protect themselves. Keeping government data protected is important, but the country isn’t any safer if only its leaders are out of the line of fire, he notes.