RSA 2016: Weakened encryption compromises national security

News
2 Mar, 2016

Terrorists will move to other platforms, while criminals will exploit the flaws, claim speakers

Tech leaders have hit out at government snooping and attempts to break encryption on the first day of RSA Conference 2016.

On the same day that Apple once again came face-to-face with the FBI in a court hearing in LA, down the coast in San Francisco, Amit Yoran, president of RSA, used his opening keynote to criticise governments for allowing intelligence and law enforcement agencies to dominate the security conversation.

"We need governments to enact policies that help, rather than hinder security, providing opportunities for talent development," he told delegates.

Yoran said that the aims and perspectives of such agencies are "radically different" to those of people trying to defend networks, and said policy proposals such as weakening encryption "boggle the mind".

"In an era when cybersecurity is consistently cited as the single greatest threat to our way of life - above terrorism and all else - how can we possible justify a policy that would catastrophically weaken our infrastructures?" asked Yoran.

"Weakening encryption is solely for the ease and convenience of law enforcement when they are pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened. However, if you weaken our encryption you can sure bet that the bad guys will use that and exploit it against us," he added.

These thoughts were echoed by Brad Smith, general legal counsel at Microsoft, who took to the stage after Yoran for his own keynote.

Smith reflected on not just the big hacks of the past few years but also the terrorist attacks that hit Paris and San Bernardino in late 2015.

"People went to work [the day after these attacks] debating whether this meant new steps needed to be taken for technology, for surveillance, for encryption," said Smith. "We live in a world where every week there is a pendulum and the question is, which way will the pendulum swing on these issues that affect us?"

Smith argued that it was impossible to ensure people's security in real life if their security cannot be ensured online.

"The internet started out two decades ago as something people talked about as a different space - cyberspace, as if it were disconnected from real space and the real world. Well, what we've learnt today is that if people want to shape and impact what happens in the real world, they go to the internet," said Smith.

"This has affected everybody - governments around the world studied the Sony case and they realised that there is no such thing as national security in this decade without cyber security. We've realised that hence we need to keep information secure. One thing is clear above all else - people will not use technology they do not trust and hence trust is the absolute foundation for our entire industry and it needs to remain that way," Smith concluded.

Smith and Yoran's comments also come on the same day Theresa May introduced a new draft of the Investigatory Powers Bill to Parliament. The new text still contains a controversial provision that would oblige companies, including RSA, Microsoft and Apple, to remove encryption at the request of law enforcement agencies.