Secretary Of State: We Must Have A Secure Internet; Homeland Security Secretary: A Secure Internet Makes Us All Less Safe
from the watch-out-for-the-buts dept
Secretary of State John Kerry gave a speech in South Korea this week about the importance of an "open and secure internet." Of course, that sounds a little hypocritical coming from the very same government that is actively working to undermine encryption, so it seems worth contrasting it with comments made from Secretary of Homeland Security Jeh Johnson, in which he whines about a secure internet making things better for terrorists. Kerry's speech is mostly good (with some caveats that we'll get to), in talking about the importance of not freaking out over moral panics and FUD:Freedom. The United States believes strongly in freedom – in freedom of expression, freedom of association, freedom of choice. But particularly, this is important with respect to freedom of expression, and you believe in that freedom of expression here in Korea. We want that right for ourselves and we want that right for others even if we don’t agree always with the views that others express. We understand that freedom of expression is not a license to incite imminent violence. It’s not a license to commit fraud. It’s not a license to indulge in libel, or sexually exploit children. No. But we do know that some governments will use any excuse that they can find to silence their critics and that those governments have responded to the rise of the internet by stepping up their own efforts to control what people read, see, write, and say.That sounds good... until you compare it to Kerry's cabinet partner Johnson, who was doing exactly what Kerry said governments should not do:
This is truly a point of separation in our era – now, in the 21st century. It’s a point of separation between governments that want the internet to serve their citizens and those who seek to use or restrict access to the internet in order to control their citizens.
Let's not even bother with the question of just what is "deeper and deeper encryption" or why we should have someone who clearly doesn't understand encryption in charge of Homeland Security. But it seems clear that Kerry and Johnson's views here are quite different. Kerry is saying that "governments will use any excuse they can" including bogus claims about "terrorism" and "criminals" -- and yet that's exactly what Johnson is doing.“We are concerned that with deeper and deeper encryption, the demands of the marketplace for greater cybersecurity, deeper encryption in basic communications,” Johnson said on MSNBC’s “Morning Joe” on Friday. “It is making it harder for the FBI and state and local law enforcement to track crime, to track potential terrorist activity.”
Of course, later in his speech, Kerry starts enumerating a similar list for any country to use, should they want to control speech as well:
First, no country should conduct or knowingly support online activity that intentionally damages or impedes the use of another country’s critical infrastructure. Second, no country should seek either to prevent emergency teams from responding to a cybersecurity incident, or allow its own teams to cause harm. Third, no country should conduct or support cyber-enabled theft of intellectual property, trade secrets, or other confidential business information for commercial gain. Fourth, every country should mitigate malicious cyber activity emanating from its soil, and they should do so in a transparent, accountable and cooperative way. And fifth, every country should do what it can to help states that are victimized by a cyberattack.In other words, here are the guidelines for any other countries to attack freedom of expression and openness online. Just claim it violates one of the list above and the US can't complain. We've certainly seen it happen before. DDoS attacks launched based on claims that it's in "response" to a hacking attempt. Or Russia cracking down on dissidents by arguing that they must be infringing on copyright law.
Kerry's statement is the kind of thing that very few people would argue against. It seems obvious: of course we don't want attacks on critical infrastructure (though, the government likes to define "critical infrastructure" in a manner that best serves its own needs), or corporate espionage. But Kerry defines things in such a broad manner (including the bogus use of "theft" for "intellectual property") that it leaves the US wide open to abuse. Kerry was right at the beginning in arguing that governments will use any means necessary, so why give them this kind of opening? As we've seen for years, when the US beat up on China for not respecting our patents, China eventually "turned things around" by focusing on figuring out ways to use patents to block American companies from beating local Chinese firms in its market.
This isn't arguing that cyberattacks or infringement of intellectual property are good things -- just that giving foreign nations a "open internet, but..." allows them to make use of the "but..." portion to do all sorts of horrible things that suppress dissent and free expression, and then argue that they had to do it, because the US told them to do so. And, of course, it's not just foreign governments, but as Johnson's comments make clear, those at home as well. None of this means to encourage bad or illegal behavior online -- but to recognize that pushing for internet freedom means actually pushing for internet freedom, which is difficult to do when you immediately encumber it with your own set of conditions, and your colleagues are undermining the very foundation of a secure internet.
Filed Under: encryption, jeh johnson, john kerry, open internet, south korea