DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
from the we-all-need-to-work-on-this.-you-go-first. dept
DHS boss Jeh Johnson is still out trading fear for civil liberties. There's a cyberwar that needs fighting and his agency is looking for a position at the "information sharing" front lines. As the major systems went down left and right a couple of days ago, Johnson remained mostly unperturbed while delivering an address to CSIS.
In the context in which he delivered them, his remarks -- while remarkably similar to those he delivered at the RSA Conference in April -- seem to be a bit more conciliatory, rather than being just repetitive talking points from an agency seeking additional power at any cost.
Johnson acknowledged that in the war against hackers, the need to protect privacy and connectivity makes the web security a difficult operating environment.
While I still remain skeptical as to his true intentions, it is a bit refreshing to see someone in the business of securing the homeland at least cognizant of the tradeoffs inherent to these aims. He said something to the same effect three months ago, but it was in the context of pleading the government's case for encryption backdoors.
“I can build you a perfectly safe city, but it will look like a prison,” he warned.
“Cybersecurity involves striking a balance,” he said. “I can build you a perfectly secure email system but your contact will be limited to about ten people and you would be disconnected entirely from the Internet and the outside world.”
I tell audiences that I can build you a perfectly safe city on a hill, but it will constitute a prison.
I think most Americans are well aware you can't have perfect security and perfect liberty, and outside of the most extreme factions on either end, no one's clamoring for that. The important thing is that Johnson recognizes this, considering he holds the tools to build the public a hilltop prison in the name of security.
But I still think Johnson wants most of the tradeoffs to come at the expense of the public. He may be totally sincere in his wishes to build a balanced cybersecurity program, with actual equitable information sharing, but his best intentions are naturally hampered by the excesses of the agency he helms. There are far too many agencies operating under the minimal control of the DHS, many of which aren't nearly as willing to cede civil liberties ground as needed.
On top of that, the government continues to be terrible at protecting its own assets. And yet, it wants the private sector to be its partner in the Great Cyberwar. Once these companies are forced to carry the cybersecurity load for the underperforming public sector, those with greater governmental control on their minds will start building these "prison" walls, and all tradeoffs will be forgotten.
The only way to keep the government honest is to force it to play by the private sector's rules. This means no willful subversion of encryption and no ridiculous demands for additional intrusive access in the name of "information sharing." Once these companies are granted a little respect from their potential partners, I would imagine the us v. them posturing will relax a bit.
Johnson may recognize the tradeoff and may even be willing to make concessions. But so far, most of what's being offered by agencies like his are demands, rather than compromises.
Filed Under: dhs, jeh johnson, privacy, security
Reader Comments
DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
Actually that would be a weak city, because the prisoners would likely work for its fall so that they could escape. Also they could not aid the defenders because they would not be allowed to.
[ link to this | view in chronology ]
Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
[ link to this | view in chronology ]
Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
Laws are meant to control the law abiding, not the criminals.
[ link to this | view in chronology ]
Re: Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
[ link to this | view in chronology ]
There are enough bright people who can create strong, secure, and robust systems. Most of them do not work for the federal government and that's a good thing.
[ link to this | view in chronology ]
I can build you a perfectly secure email system
Jeh Johnson attended Bellport High School, a public high school on Long Island, and graduated at 15 in 1987. The same year, he ranked fifth place in the Westinghouse Science Talent Search. In 1987 (at the age of 16), he achieved a Top 10 ranking in the William Lowell Putnam Mathematical Competition. Johnson earned his bachelor's degree in mathematics from New York University (1991) and has a PhD in mathematics from the University of California, Berkeley (1995), where he studied under Hendrik Lenstra.
[ link to this | view in chronology ]
I can build you a secure email system, too
Jeh Johnson studied physics at the University of Groningen, graduating with a PhD. He spent 12 years at Eindhoven University as a systems architect in the Mathematics and Computer Science department, and spent part of this time writing tools for Electronic Data Interchange. Since emigrating to the U.S. in 1996 and until 2015, he has been working for the IBM Thomas J. Watson Research Center in New York State. On March 24, 2015, he announced he was leaving IBM for Google.
[ link to this | view in chronology ]
At least I can build you an email system
Born in El Cerrito, California, Jeh Johnson knew from an early age that he wanted to work in computing, breaking into his high school's mainframe and later using the UC Berkeley computing center for his computing needs. In 1973, he entered UC Berkeley, just as the Unix operating system began to become popular in academic circles. He earned B.S. and M.S. degrees from UC Berkeley in 1977 and 1980 respectively.
[ link to this | view in chronology ]
There is no tradeoff
[ link to this | view in chronology ]
Re: There is no tradeoff
There is no tradeoff. Privacy is paramount to security; and the enemy of security is surveillance.
"Either we build our communications infrastructure for surveillance, or we build it for security." -- Bruce Schneier
[ link to this | view in chronology ]
Safe prisons
Excuse me, sir, but if you think prisons are safe, you are an ass. In 2011, there were 274 homicides in local jails and state prisons...not to mention suicides, poor medical care, and accidents.
[ link to this | view in chronology ]
So I give him credit, he does have a point. The only issue is that the solution is simply wider adoption of cryptography. If everyone were to use something like PGP, then it would become ubiquitous and remove the barriers to entry. He knows this, and with the success of the HTTPS everywhere campaign and now the Let's Encrypt CA starting up, everyone will be able to at least use S/MIME encryption on email easily.
[ link to this | view in chronology ]
Other comments are missing the point.
If I have the only copy of the keys to my own house, does that make my house a prison? NO! That is insane!
He is trying to say a perfectly safe cyber city would require every computer to be disconnected from the internet. That is definitely a poor solution.
A better solution would be to have every computer encrypted and have every connection be encrypted with private keys.
[ link to this | view in chronology ]
Re: Other comments are missing the point.
[ link to this | view in chronology ]
Re: Re: Other comments are missing the point.
Perfect security is an impossibility.
[ link to this | view in chronology ]
Playing the extreme card
[ link to this | view in chronology ]