Defense Secretary Tours Valley Looking for Buy-in on New Computer Military Strategy and Rebuilding Trust Post-Snowden Revelations
To borrow a basketball analogy — and what better time than during the NBA playoffs — the White House has been doing a full-court press to impress the Valley’s movers and shakers in both business and academia. In their article on nytimes.com, David E. Sanger and Nicole Perlroth examine the White House’s efforts to form a new military cyberstrategy and rebuild trust that’s been shaken by Snowden’s NSA disclosures.
Investing in start-ups and looking for talent
[Defense Secretary] Ashton B. Carter toured Silicon Valley…to announce a new military strategy for computer conflict, starting the latest Pentagon effort to invest in promising start-ups and to meet with engineers whose talent he declared the Pentagon desperately needed in fending off the nation’s adversaries.
Whom do you trust?
Mr. Carter immediately acknowledged, though, the need to rebuild trust with Silicon Valley, whose mainstays — like Apple, Google and Facebook…have spent two years demonstrating to customers around the world that they are rolling out encryption technologies to defeat surveillance. That, of course, includes blocking the National Security Agency, a critical member of the military-intelligence community.
“I think that people and companies need to be convinced that everything we do in the cyber domain is lawful and appropriate and necessary,” Mr. Carter told students and faculty at Stanford.
Ask not what your country can do for you
He urged the next generation of software pioneers and entrepreneurs to take a break from developing killer apps and consider a tour of service fending off Chinese, Russian and North Korean hackers, even as he acknowledged that the documents leaked by Edward J. Snowden, the former intelligence contractor, “showed there was a difference in view between what we were doing and what people perceived us as doing.”
[Jeh Johnson], the secretary of Homeland Security, and a group of other government officials ran into a buzz saw of skepticism at the world’s largest conference of computer security professionals…. Those officials argued for some kind of technical compromise to allow greater security of electronic communications while enabling the F.B.I. and intelligence agencies to decode the emails and track the web activities of suspected terrorists or criminals. Yet many among the computer security professionals at the conference argued that no such compromise was possible, saying that such a system would give Russians and Chinese a pathway in, too, and that Washington might abuse such a portal.
No compromise. No access
Not long after Mr. Johnson declared that “encryption is making it harder for your government to find criminal activity and potential terrorist activity,” large numbers of entrepreneurs and engineers crammed into the first of several seminars, called “Post-Snowden Cryptography.” There, they took notes as the world’s best code makers mocked the Obama administration’s drive for a “technical compromise” that would ensure the government some continued access.
Everybody’s going to want a key
Ronald Rivest, one of the inventors of a commonly used encryption algorithm, took on the arguments by Mr. Johnson and other senior officials, including John P. Carlin, the head of the Justice Department’s national security division, that the best minds in Silicon Valley could find a way to ensure legal government access while still assuring users that communications and data stored in their iPhones and the cloud are safe. “There are lots of problems with these ideas,” Mr. Rivest said. “We live in a global information system now, and it’s not going to be just the U.S. government that wants a key. It’s going to be the U.K., it’s going to be Germany, it’s going to be Israel, it’s going to be China, it’s going to be Iran, etc.”
Trust us. We want you to make money
One of Mr. Johnson’s deputies, Phyllis Schneck, [revealed] the government’s plans for real-time monitoring and blocking of malware flowing through the Internet, urging private industry to help. “We want you to make money,” said Ms. Schneck, a former chief technology officer at McAfee Inc.… Many in the crowd, though, said they worried whether the government would turn any malware-monitoring system to other uses.
Technology outpacing agreements
Mr. Obama’s cybercoordinator, Michael Daniel, who has been trying to preside over the unwieldy administration debate over encryption rules, was meeting executives in private and calling in public for “cybernorms of behavior” that could constrain the kind of hackers who attacked American corporations, the White House, the State Department and the Pentagon. But he acknowledged that this was an area where the grindingly slow wheels of diplomacy were being outpaced by technological development.
Banks, Silicon Valley giants and security companies on front lines of cyberwar
Mr. Carter, in his Stanford talk, noted that past wars were fought state to state. But in computer conflict, he said, the most sophisticated threats and weapons are seen by banks, security firms and Silicon Valley companies like Apple, Google, Yahoo, Twitter and Facebook that serve as conduits for the world’s communications. That is data Washington most needs.
The Snowden aftereffect
Yet nearly two years after the Snowden revelations, many companies are as reluctant as ever to give the government any information unless they are compelled to do so, particularly as they try to convince foreign customers in global markets that they are doing everything they can to keep Washington at a distance.
The President seeks balance
Mr. Obama, on a trip to Stanford in February, had expressed sympathy with those who were striving to protect privacy, even while saying it had to be balanced against the concerns of the F.B.I. and other agencies that fear “going dark” because of new encryption technologies. (Apple says that with its new iPhone operating system, it has no way to decode data in phones, even if given a court order.) Mr. Obama’s aides say decisions about how to resolve these differences are still months away.
Split-key. Court order
With so much more data at stake, and attacks so frequent, cryptographers say the need for encryption is greater than ever. One proposal, by Adm. Michael S. Rogers, the head of the National Security Agency, is to develop a split-key system in which companies hold half and the government, or some outside agent, holds the other half of the key to unlock encrypted communications. The two would be put together only with approval of a court. But many computer security experts reject that idea, saying it would leave too much room for theft and would motivate other governments to require the same.