Secretary Of State: We Must Have A Secure Internet; Homeland Security Secretary: A Secure Internet Makes Us All Less Safe
from the watch-out-for-the-buts dept
Secretary of State John Kerry gave a speech in South Korea this week about the importance of an "open and secure internet." Of course, that sounds a little hypocritical coming from the very same government that is actively working to undermine encryption, so it seems worth contrasting it with comments made from Secretary of Homeland Security Jeh Johnson, in which he whines about a secure internet making things better for terrorists. Kerry's speech is mostly good (with some caveats that we'll get to), in talking about the importance of not freaking out over moral panics and FUD:Freedom. The United States believes strongly in freedom – in freedom of expression, freedom of association, freedom of choice. But particularly, this is important with respect to freedom of expression, and you believe in that freedom of expression here in Korea. We want that right for ourselves and we want that right for others even if we don’t agree always with the views that others express. We understand that freedom of expression is not a license to incite imminent violence. It’s not a license to commit fraud. It’s not a license to indulge in libel, or sexually exploit children. No. But we do know that some governments will use any excuse that they can find to silence their critics and that those governments have responded to the rise of the internet by stepping up their own efforts to control what people read, see, write, and say.That sounds good... until you compare it to Kerry's cabinet partner Johnson, who was doing exactly what Kerry said governments should not do:
This is truly a point of separation in our era – now, in the 21st century. It’s a point of separation between governments that want the internet to serve their citizens and those who seek to use or restrict access to the internet in order to control their citizens.
Let's not even bother with the question of just what is "deeper and deeper encryption" or why we should have someone who clearly doesn't understand encryption in charge of Homeland Security. But it seems clear that Kerry and Johnson's views here are quite different. Kerry is saying that "governments will use any excuse they can" including bogus claims about "terrorism" and "criminals" -- and yet that's exactly what Johnson is doing.“We are concerned that with deeper and deeper encryption, the demands of the marketplace for greater cybersecurity, deeper encryption in basic communications,” Johnson said on MSNBC’s “Morning Joe” on Friday. “It is making it harder for the FBI and state and local law enforcement to track crime, to track potential terrorist activity.”
Of course, later in his speech, Kerry starts enumerating a similar list for any country to use, should they want to control speech as well:
First, no country should conduct or knowingly support online activity that intentionally damages or impedes the use of another country’s critical infrastructure. Second, no country should seek either to prevent emergency teams from responding to a cybersecurity incident, or allow its own teams to cause harm. Third, no country should conduct or support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information for commercial gain. Fourth, every country should mitigate malicious cyber activity emanating from its soil, and they should do so in a transparent, accountable and cooperative way. And fifth, every country should do what it can to help states that are victimized by a cyberattack.In other words, here are the guidelines for any other countries to attack freedom of expression and openness online. Just claim it violates one of the list above and the US can't complain. We've certainly seen it happen before. DDoS attacks launched based on claims that it's in "response" to a hacking attempt. Or Russia cracking down on dissidents by arguing that they must be infringing on copyright law.
Kerry's statement is the kind of thing that very few people would argue against. It seems obvious: of course we don't want attacks on critical infrastructure (though, the government likes to define "critical infrastructure" in a manner that best serves its own needs), or corporate espionage. But Kerry defines things in such a broad manner (including the bogus use of "theft" for "intellectual property") that it leaves the US wide open to abuse. Kerry was right at the beginning in arguing that governments will use any means necessary, so why give them this kind of opening? As we've seen for years, when the US beat up on China for not respecting our patents, China eventually "turned things around" by focusing on figuring out ways to use patents to block American companies from beating local Chinese firms in its market.
This isn't arguing that cyberattacks or infringement of intellectual property are good things -- just that giving foreign nations a "open internet, but..." allows them to make use of the "but..." portion to do all sorts of horrible things that suppress dissent and free expression, and then argue that they had to do it, because the US told them to do so. And, of course, it's not just foreign governments, but as Johnson's comments make clear, those at home as well. None of this means to encourage bad or illegal behavior online -- but to recognize that pushing for internet freedom means actually pushing for internet freedom, which is difficult to do when you immediately encumber it with your own set of conditions, and your colleagues are undermining the very foundation of a secure internet.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, jeh johnson, john kerry, open internet, south korea
Reader Comments
The First Word
“Stuxnet
2. Second, no country should seek either to prevent emergency teams from responding to a cybersecurity incident, or allow its own teams to cause harm.
NSA's TAO team(s), explicitly setup to target opponents "in the cyber domain"
3. Third, no country should conduct or support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information for commercial gain.
The kind of activities Germany is finding their intelligence agency helped ours carry out.
4. Fourth, every country should mitigate malicious cyber activity emanating from its soil.
Unless you're doing it on purpose..?
5. And fifth, every country should do what it can to help states that are victimized by a cyberattack.
Unless it's an enemy of America, of course. Like Iran or NK.
You just can't trust what these people say ...
Subscribe: RSS
View by: Time | Thread
I remember a time when the internet didn't exist.
I also remember a time where people could travel between countries without having an invasive body search done.
But you know what else I remember? "Terrorist" activities. Hijackings, bombings, and murders all done before the "technology" of today existed.
If these actions couldn't be stopped then, and the technology sure as hell didn't stop two attacks against the WTC, what in the hell do these people think they'll accomplish by spying on everyone?
The only way "terrorist" activities can be stopped is by killing the human species. It's the only way to be sure.
[ link to this | view in thread ]
[ link to this | view in thread ]
He said it perfectly ...
[ link to this | view in thread ]
Re:
We have turned into such a nation of sissies that we can't even let our kids out of the house. We will become so paralyzed with fear that will pretty much be the same as all those hypochondriacs we like to make fun of on TV.
We have completely lost the concept of acceptable risk.
Before you are harmed by a terrorist you are more likely to be shot by the police, die in a car crash, killed by your doctor, or die from tylenol.
[ link to this | view in thread ]
Stuxnet
2. Second, no country should seek either to prevent emergency teams from responding to a cybersecurity incident, or allow its own teams to cause harm.
NSA's TAO team(s), explicitly setup to target opponents "in the cyber domain"
3. Third, no country should conduct or support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information for commercial gain.
The kind of activities Germany is finding their intelligence agency helped ours carry out.
4. Fourth, every country should mitigate malicious cyber activity emanating from its soil.
Unless you're doing it on purpose..?
5. And fifth, every country should do what it can to help states that are victimized by a cyberattack.
Unless it's an enemy of America, of course. Like Iran or NK.
You just can't trust what these people say ...
[ link to this | view in thread ]
They want a secure country, only applied to themselves everyone else needs to be open and transparent to the point of being locked up for anything and everything.
These are the self perceived elite that desperately desire to become the Nobles of the new American despotism.
[ link to this | view in thread ]
Re:
> what in the hell do these people think they'll
> accomplish by spying on everyone?
They'll prevent whistleblowers from informing the public.
They'll prevent rich or powerful people from being embarrassed.
They'll ensure that corporations get what they want.
Ultimately, and eventually inevitably . . .
They'll keep themselves in power. They'll crush dissent.
[ link to this | view in thread ]
Re: Re:
Harder you grasp for control the more shit that slips through your fingers. Technology will not solve this problem.
Sure the face of dissent changes but the fact that dissent will happen does not change.
Remember, give me liberty or give me death was not a secret back alley comment. It was no secret! The stupid people today in power, failed at history just like the rest of us that let them get into power.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
Whether or not that's correct would seem - to me - to really come down to the finer points of how "critical infrastructure" is defined.
[ link to this | view in thread ]
Re: Re: Re:
Those who fail to learn from history are destined to repeat it in summer school.
Oh, wait . . .
Those who fail to learn from history are destined to be promoted to a decision making role.
[ link to this | view in thread ]
Re: Re: Re:
> just like the rest of us that let them get into power.
Or those people in power know history full well, and simply do not care about the sheer magnitude of bad consequences, the number of people affected, or the number of generations of people affected by their decisions as long as their own personal lives right now wealth and power.
(What mental disorder is that?)
[ link to this | view in thread ]
Re: Re:
You're almost as likely to die by crashing into a police car while rushing to your doctor for a tylenol overdose as you are to be killed by terrorists.
[ link to this | view in thread ]
Re: Re: Re:
It's really about "we will find a justification when it's us doing it". Whether that's by finding a useful definition of "critical infrastructure" or by some other means is not really important to them.
[ link to this | view in thread ]
Theft of IP
When you distribute information that you obtained legally without permission and against Copyright laws, such as sharing a movie online, that is infringement, not theft. Corporate espionage falls under a different label than infringing.
The concepts, of course, are not mutually exclusive. The use of the stolen IP, such as by putting out a competing product based on the IP, is, once again, infringement.
That bit of pedantism aside, this was a great article.
TL;DR: Illegally obtaining confidential IP is theft; illegally using IP (secret or not) is infringement.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Defund DHS
The level of ignorance found in upper echelons of management within the DHS is astounding. If Jeh Johnson and Tom Ridge, past and current directors, are representative of the quality and ability of DHS personnel congress in a just world would pull the $60 billion dollar plug on the cretinous tax wasting and freedom destroying abomination known as DHS.
[ link to this | view in thread ]
The whole "have to secure this" bs is simply an excuse to control that which they should leave the hell alone.
[ link to this | view in thread ]
Re:
by Secretary of State and Homeland Security Secretary
The internet is a series of tubes.
There, I wrote it for them.
[ link to this | view in thread ]
Re: Theft of IP
If I copy a digital file, the original owner still has their copy, so it's not theft. If I distribute it without permission, that's infringement. If have access and/or copied confidential documents, then it's either espionage or unauthorised access to classified material. But not theft, unless you're removing access from the original party in the process.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re:
History is repeating itself the events of these past few decades have happened before
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
One good blitz would straighten us out.
Compared to the Blitz, the occasional successful bombing of a subway or a plaza is a light drizzle, not even worthy of a raincoat.
We get Doolittle raided (by which I mean 9/11) and OMGWTF it starts a mass panic from which we haven't recovered. Rather than saying well that was a jolly mess and carrying the fuck on.
Imagine how demoralizing it must be to terrorist groups when they suicide bomb and nobody cares.
[ link to this | view in thread ]
They're playing the short game.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]