RSA 2016: Weakened encryption compromises national security
Terrorists will move to other platforms, while criminals will exploit the flaws, claim speakers
Tech leaders have hit out at government snooping and attempts to break encryption on the first day of RSA Conference 2016.
On the same day that Apple once again came face-to-face with the FBI in a court hearing in LA, down the coast in San Francisco, Amit Yoran, president of RSA, used his opening keynote to criticise governments for allowing intelligence and law enforcement agencies to dominate the security conversation.
"We need governments to enact policies that help, rather than hinder security, providing opportunities for talent development," he told delegates.
Yoran said that the aims and perspectives of such agencies are "radically different" to those of people trying to defend networks, and said policy proposals such as weakening encryption "boggle the mind".
"In an era when cybersecurity is consistently cited as the single greatest threat to our way of life - above terrorism and all else - how can we possible justify a policy that would catastrophically weaken our infrastructures?" asked Yoran.
"Weakening encryption is solely for the ease and convenience of law enforcement when they are pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened. However, if you weaken our encryption you can sure bet that the bad guys will use that and exploit it against us," he added.
These thoughts were echoed by Brad Smith, general legal counsel at Microsoft, who took to the stage after Yoran for his own keynote.
Smith reflected on not just the big hacks of the past few years but also the terrorist attacks that hit Paris and San Bernardino in late 2015.
"People went to work [the day after these attacks] debating whether this meant new steps needed to be taken for technology, for surveillance, for encryption," said Smith. "We live in a world where every week there is a pendulum and the question is, which way will the pendulum swing on these issues that affect us?"
Smith argued that it was impossible to ensure people's security in real life if their security cannot be ensured online.
"The internet started out two decades ago as something people talked about as a different space - cyberspace, as if it were disconnected from real space and the real world. Well, what we've learnt today is that if people want to shape and impact what happens in the real world, they go to the internet," said Smith.
"This has affected everybody - governments around the world studied the Sony case and they realised that there is no such thing as national security in this decade without cyber security. We've realised that hence we need to keep information secure. One thing is clear above all else - people will not use technology they do not trust and hence trust is the absolute foundation for our entire industry and it needs to remain that way," Smith concluded.
Smith and Yoran's comments also come on the same day Theresa May introduced a new draft of the Investigatory Powers Bill to Parliament. The new text still contains a controversial provision that would oblige companies, including RSA, Microsoft and Apple, to remove encryption at the request of law enforcement agencies.
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now