Encryption Needs A Zebracorn

Zebra-Corn-1.001

Solution: A Zebracorn

In the debate over privacy and security, we now need a Zebracorn, a horse, simultaneously of two colors, black and white, as well as being a rare and likely mythical creature.  We need to have, both the certainty of the privacy and the protection of our data as well as to support our safety and security whereby law enforcement is capable of accessing the encrypted data streams and stores of the bad guys out to harm us all.

CyptoWars: The Government vs. Tech Companies?

On the surface, this frames how the battle lines are drawn.  But, more stakeholders are involved and quite a bit more at stake than legal expediency in a few extreme and terrible cases. Given the recent and ongoing, high-profile case between Apple and the FBI, it’s thrust the conflict, between security and privacy, front and center.  The government argues that public interest and “our” security is tantamount and best served, to force Apple to defeat the security and encryption on the terrorist’s iPhone. Tim Cook, CEO of Apple is stating that devising a “backdoor” or “skeleton key” results in creating cybersecurity “cancer,” once having been developed cannot be safely contained.

Numerous people have jumped into this conversion on one side or the other.  Just last week at SXSW an annual technology and media conference in Austin, TX, President Obama, referred to tech companies unwilling to provide a method by which the government can gain access to their devices and technology in certain extreme circumstances, e.g., child pornographers, terrorists, as “absolutists“.   He also noted that unless the tech industry comes up with a near-term solution, capitulating quickly, they face a fate much worse, having Congress step in and push through “sloppy and rushed” legislation.  Then, he warned, “We really will have issues with civil liberties.”

And along those lines, certain legislators have jumped into this discussion.  Most recently, Sen. Diane Feinstein (D – CA) and Sen. Durr (R – N.C.) are developing on a bill to “punish” companies that do not allow law enforcement with a court order to access to encrypted data.  Feinstein offered her hypothetical example of her granddaughter playing on a Sony Playstation communicating with a child predator over an encrypted communication channel, and she wants to make sure that law enforcement could access those communications.

Most of the rhetoric forcing Apple (a tech company) to break its encryption is defined by rigid moral framing, “Do it for the victims (of the terrorist attack)”; “We must stop the terrorists at all costs.”; “Dead terrorists do not need privacy.”; “We have a duty to the American people to do everything we can to keep them safe.”; and bottom line, “Security (e.g., encryption) needs to be opened up for all of our sakes.”  On the surface, these statements sound like a reasonable, rational basis to force Apple to develop a technical means of defeating its encryption and security.  Their view is that this tech company is shirking their duty to country in disobeying this public mandate.

Bold moves?

However, some are not sure that law enforcement, legislators, and regulators, fully comprehend the repercussions of what they are asking. Today, they seem nearly giddy with the possibility of gaining, what would be a solid foothold in the digital space. Driven by mounting fear of the Dark Web and encrypted communications happening across backchannels. But, do they fully understand what the long-term implications will be of eliminating encryption on our data stores and streams will be?  At a recent House Judiciary Committee meeting, individual members were dismayed at FBI Director Comey’s lack of knowledge about encryption technology.  He couldn’t and wasn’t prepared to answer some critical and technical questions posed. One question Rep. Issa (R-CA) asked Director Comey, was whether the FBI has tried to copy the flash memory chip so they could run a password cracker (breaker) against a copied image. Issa, explained to Comey, the approach allows unlimited attempts without getting locked out of the original memory chip contained in the iPhone.  Comey, replied, “I did not ask the questions you’re asking here today, and I’m not sure I even understand the questions.” continuing, “I have reasonable confidence, in fact, high confidence that the federal government has reviewed all the options.”

There are some unlikely opponents to the government’s efforts to force Apple to unlock the iPhone and to weaken its encryption to allow the “backdoor” access.  Most notably both former head of the CIA/NSA, Michael Hayden and former head of the DHS, Michael Chertoff, in addition to Sen. Lindsey Graham (R-N.C.) who thinks it is vital to our national security that we do not create a “backdoor” to encryption.  Sen. Graham initially thought it was “just stupid” that the government couldn’t break into an iPhone, but after having briefings on the Intelligence Committee, he reversed his opinion, now that he understands encryption.

Win-Lose

In the short-term, it looks like we would win. The government would be fully capable of accessing the bad guys’ digital communications and data stores. Lighting up the dark crevices of the Dark Web. Longer term, however, we could suffer from possible government overreach (ala Snowden’s chronicles) and more critically, by international hackers, terrorists, foreign nation states finding these “master keys”. They already seem to be currently operating with impunity, stealing digital secrets at their leisure even with today’s toughest encryption available, in place and operating. We already have reports of nation-state-sponsored espionage and corporate cybertheft by China as well as Russia’s cyber-warfare hacking group, shutting down a Ukrainian power grid.  In China’s case, they initiated another successful hack just before President Xi’s met with President Obama, where President Obama “warned” Xi of possible consequences for their continuation of their digital incursions and cybertheft. Also, the tech industry validated reports, both Cisco and Juniper’s routers’ firmware were altered, having a backdoor added and in particular cases, confirmed as compromised. These two companies’ routers comprise much of the routing infrastructure of the Internet globally.  Also, in Juniper’s case, industry analysts’ researched and found the updated firmware contained code known to be developed by the NSA.

Pandora’s Box?

So, unfortunately, the likelihood the government or Apple would be able to secure the set of “master keys” seems unrealistic and at this point implausible. However, the biggest loss occurs if consumers and business “lose digital trust”.  As Mark McLaughlin, CEO of Palo Alto Networks put it in his keynote address at RSA’s cybersecurity conference, “People get very focused on cyber Pearl Harbor events,” he said, continuing “As bad, and more subtle, would be an increasing lack of trust in networks.” The economic impact of such a loss of trust would be immeasurable.  It would impact both our way of life and quality of life developed over the last 30 years.

Path Forward To A Mythical Solution?

Zebra-Corn.001So is there a path forward to find a Zebracorn, rare and both black and white, in this encryption and privacy debate? Finding a balance or compromise for an encryption solution that satisfies both the requirement to eliminate sets of common “master keys” or “backdoors”, while providing a method where law enforcement, under the right circumstances, can access private and encrypted data streams and stores of the really bad guys? Some bright minds are working on it.  One such researcher, is David Chaum, father of many encryption protocols including Onion Tor.  His latest project provides a suggested step for that privacy and encryption balance and is called, PrivaTegrity.  He proposes democratizing a set of distributed “nine keys” only accessed by nine server administrators in nine different countries and they would all need to cooperate to trace criminals within the network and decrypt their communications. This is interesting and new thinking on this old topic and contentious topic.  David noted about his vision, “We don’t have to give up on privacy. We don’t have to allow terrorists and drug dealers to use it. We can have a civil society electronically without the possibility of covert mass surveillance.”

Today, most all of our communications, transactions and interactions are processed through a digital medium of some kind. Even our face-to-face interactions and communications occur in the presence of smartphones and devices with audio and video recording capabilities. So the stakes are high enough that it makes to sense spend time innovating a solution, and improving the balance between our privacy and security. However, it would be good to realize and account for the technical and social complexities, the numerous stakeholders as well as the dire impacts of getting that new balance wrong as we’re are on our crypto Zebracorn hunt.

About the Author

Tim McAllister joined Accelerate IT in 2015, helping companies focused on quickly get to market & grow their revenues. He is an accomplished senior executive of venture-backed, high growth technology companies. Over the past 20 years, he has had extensive, hands-on experience, working with CEO’s, boards and entrepreneurs creating business strategies, developing go-to-market plans, building teams, raising capital and scaling operations. Recently, Tim has worked closely with early stage tech companies in defense & aerospace, enterprise mobility, IoT software, facial recognition, and messaging sectors in the San Francisco Bay Area. He is passionate and interested in Security, IoT, Robotics, Machine Learning, Drones, Big Data, Innovation, SocialMedia & Startups. He enjoys golf, his family and taking advantage of living in Northern California’s wine country.

Please connect with him on Twitter @emergentcap or LinkedIn.

 

 

 

 

The Internet of Confusion

Why are consumers and business failing to understand the potential of the Internet of Things (IoT)?

Video screens and man created entrily of my own images and human

The Internet of Things (IoT) shouldn’t be the discussion point. New insights into the customers’ current pain they are not presently aware of should be.

The high-tech marketing spin surrounding the Internet of Things (IoT) hasn’t helped. It puts the focus on the wrong things, coming across as something futuristic and, for most, a nearly unreachable vision. There’s quite a bit of noise and fascination (industry can’t help it) about technology and novel approaches (e.g., AI, M2M, deep-learning, etc.). I’ve found almost no focus on new insights surrounding specific verticals’ existing pain that the IoT enables near-term solutions. Also, significant barriers to entry for the adoption of IoT solutions are raised, at least, for enterprise and industrial customers, when the acquisition of new equipment, e.g., smart devices, smart endpoints (IP-enabled), networks, and forklift upgrades of core infrastructure, not to mention security, is required.

Without the focus on new, relevant, and most importantly, timely insights about the customers’ current and as yet unknown pain, the IoT can come across as a lot of wordy, futuristic hype.

About the Author

Tim McAllister joined Accelerate IT in 2015, helping companies focused on quickly get to market & grow their revenues. He is an accomplished senior executive of venture-backed, high growth technology companies. Over the past 20 years, he has had extensive, hands-on experience, working with CEO’s, boards and entrepreneurs creating business strategies, developing go-to-market plans, building teams, raising capital and scaling operations. Recently, Tim has worked closely with early stage tech companies in defense & aerospace, enterprise mobility, IoT software, facial recognition, and messaging sectors in the San Francisco Bay Area. He is passionate and interested in Security, IoT, Robotics, Machine Learning, Drones, Big Data, Innovation, SocialMedia & Startups. He enjoys golf, his family and taking advantage of living in Northern California’s wine country.

Please connect with him on Twitter @emergentcap or LinkedIn.