DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession

from the we-all-need-to-work-on-this.-you-go-first. dept

DHS boss Jeh Johnson is still out trading fear for civil liberties. There's a cyberwar that needs fighting and his agency is looking for a position at the "information sharing" front lines. As the major systems went down left and right a couple of days ago, Johnson remained mostly unperturbed while delivering an address to CSIS.

In the context he delivered them, his remarks -- while remarkably similar to those he delivered at the RSA Conference in April -- seem to be a bit more conciliatory, rather than being just repetitive talking points from an agency seeking additional power at any cost.

Johnson acknowledged that in the war against hackers, the need to protect privacy and connectivity makes the web security a difficult operating environment.

“I can build you a perfectly safe city, but it will look like a prison,” he warned.

“Cybersecurity involves striking a balance,” he said. “I can build you a perfectly secure email system but your contact will be limited to about ten people and you would be disconnected entirely from the Internet and the outside world.”
While I still remain skeptical as to his true intentions, it is a bit refreshing to see someone in the business of securing the homeland at least cognizant of the tradeoffs inherent to these aims. He said something to the same effect three months ago, but it was in the context of pleading the government's case for encryption backdoors.
I tell audiences that I can build you a perfectly safe city on a hill, but it will constitute a prison.
I think most Americans are well aware you can't have perfect security and perfect liberty, and outside of the most extreme factions on either end, no one's clamoring for that. The important thing is that Johson recognizes this, considering he holds the tools to build the public a hilltop prison in the name of security.

But I still think Johnson wants most of the tradeoffs to come at the expense of the public. He may be totally sincere in his wishes to build a balanced cybersecurity program, with actual equitable information sharing, but his best intentions are naturally hampered by the excesses of the agency he helms. There are far too many agencies operating under the minimal control of the DHS, many of which aren't nearly as willing to cede civil liberties ground as needed.

On top of that, the government continues to be terrible at protecting its own assets. And yet, it wants the private sector to be its partner in the Great Cyberwar. Once these companies are forced to carry the cybersecurity load for the underperforming public sector, those with greater governmental control on their minds will start building these "prison" walls, and all tradeoffs will be forgotten.

The only way to keep the government honest is to force it to play by the private sector's rules. This means no willful subversion of encryption and ridiculous demands for additional intrusive access in the name of "information sharing." Once these companies are granted a little respect from their potential partners, I would imagine the us v. them posturing will relax a bit.

Johnson may recognize the tradeoff and may even be willing to make concessions. But so far, most of what's being offered by agencies like his are demands, rather than compromises.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dhs, jeh johnson, privacy, security


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 13 Jul 2015 @ 3:31pm

    DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession

    I tell audiences that I can build you a perfectly safe city on a hill, but it will constitute a prison.

    Actually that would be a weak city, because the prisoners would likely work for its fall so that they could escape. Also they could not aid the defenders because they would not be allowed to.

    link to this | view in chronology ]

    • icon
      sigalrm (profile), 13 Jul 2015 @ 4:15pm

      Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession

      Anyone who's ever actually been to a prison understands that prisons are not inherently safe environments...

      link to this | view in chronology ]

    • icon
      Groaker (profile), 13 Jul 2015 @ 6:12pm

      Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession

      Prisons are run by the inmates, not the putative guards and wardens. They are notoriously porous to contraband such as guns, drugs, cell phones and sex. As well as "home" built weapons like shivs, crossbows and more.

      Laws are meant to control the law abiding, not the criminals.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 13 Jul 2015 @ 9:45pm

        Re: Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession

        despite his impressive resume, guess its shows he doesnt have intelligence in all areas.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jul 2015 @ 3:53pm

    >I can build

    There are enough bright people who can create strong, secure, and robust systems. Most of them do not work for the federal government and that's a good thing.

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 13 Jul 2015 @ 4:31pm

    I can build you a perfectly secure email system

    I can build you a perfectly secure email system

                ——Jeh Johnson

    Jeh Johnson attended Bellport High School, a public high school on Long Island, and graduated at 15 in 1987. The same year, he ranked fifth place in the Westinghouse Science Talent Search. In 1987 (at the age of 16), he achieved a Top 10 ranking in the William Lowell Putnam Mathematical Competition. Johnson earned his bachelor's degree in mathematics from New York University (1991) and has a PhD in mathematics from the University of California, Berkeley (1995), where he studied under Hendrik Lenstra.

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 13 Jul 2015 @ 4:53pm

    I can build you a secure email system, too

    I can build you a ... secure email system

              ——Jeh Johnson

    Jeh Johnson studied physics at the University of Groningen, graduating with a PhD. He spent 12 years at Eindhoven University as a systems architect in the Mathematics and Computer Science department, and spent part of this time writing tools for Electronic Data Interchange. Since emigrating to the U.S. in 1996 and until 2015, he has been working for the IBM Thomas J. Watson Research Center in New York State. On March 24, 2015, he announced he was leaving IBM for Google.

    link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 13 Jul 2015 @ 5:13pm

    At least I can build you an email system

    I can build you an ... email system

                ——Jeh Johnson

    Born in El Cerrito, California, Jeh Johnson knew from an early age that he wanted to work in computing, breaking into his high school's mainframe and later using the UC Berkeley computing center for his computing needs. In 1973, he entered UC Berkeley, just as the Unix operating system began to become popular in academic circles. He earned B.S. and M.S. degrees from UC Berkeley in 1977 and 1980 respectively.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jul 2015 @ 11:10pm

    There is no tradeoff

    Whenever they want to take privacy you never get any security from it, but security theater and fear-mongering.

    link to this | view in chronology ]

    • icon
      Seegras (profile), 14 Jul 2015 @ 1:55am

      Re: There is no tradeoff

      Ack.

      There is no tradeoff. Privacy is paramount to security; and the enemy of security is surveillance.

      "Either we build our communications infrastructure for surveillance, or we build it for security." -- Bruce Schneier

      link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 14 Jul 2015 @ 4:06am

    Safe prisons

    “I can build you a perfectly safe city, but it will look like a prison,” he warned.

    Excuse me, sir, but if you think prisons are safe, you are an ass. In 2011, there were 274 homicides in local jails and state prisons...not to mention suicides, poor medical care, and accidents.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Jul 2015 @ 4:27am

    “Cybersecurity involves striking a balance,” he said. “I can build you a perfectly secure email system but your contact will be limited to about ten people and you would be disconnected entirely from the Internet and the outside world.”

    So I give him credit, he does have a point. The only issue is that the solution is simply wider adoption of cryptography. If everyone were to use something like PGP, than it would become ubiquitous and remove the barriers to entry. He knows this, and with the success of the HTTPS everywhere campaign and now the Let's Encrypt CA starting up, everyone will be able to at least use S/MIME encryption on email easily.

    link to this | view in chronology ]

  • icon
    ahow628 (profile), 14 Jul 2015 @ 5:37am

    Other comments are missing the point.

    Stop saying "he's an idiot because prisons are dangerous." It missed the point completely.

    If I have the only copy of the keys to my own house, does that make my house a prison? NO! That is insane!

    He is trying to say a perfectly safe cyber city would require every computer to be disconnected from the internet. That is definitely a poor solution.

    A better solution would be to have every computer encrypted and have every connection be encrypted with private keys.

    link to this | view in chronology ]

    • identicon
      Klaus, 14 Jul 2015 @ 6:09am

      Re: Other comments are missing the point.

      I thought he was being allegorical.

      link to this | view in chronology ]

      • icon
        John Fenderson (profile), 14 Jul 2015 @ 7:56am

        Re: Re: Other comments are missing the point.

        But his allegory is wrong. He could not, in fact, build a perfectly safe city no matter how much like a prison he makes it. And he could not, in fact, build a perfectly secure email system, no matter how disconnected from the net it is.

        Perfect security is an impossibility.

        link to this | view in chronology ]

  • identicon
    JimB, 14 Jul 2015 @ 5:28pm

    Playing the extreme card

    It's just a game of extremes in hopes the public will respond to something less so while still allowing government to violate their constitutional rights.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.