Resolving the encryption debate requires betting on innovation
Embrace, don’t undermine, America’s technological advantages and global competitive edge.
PALO ALTO, CALIF. — The recent debate over the scope and role of encryption highlights the tension around law enforcement’s efforts to preserve public safety and respect individual privacy.
The high-profile dispute between Apple and the FBI encapsulates this debate, seemingly pitting law enforcement against Silicon Valley.
It need not be that way. In fact, this debate misses the far bigger point.
The job for today’s leaders should be this: How do we create growth, while at the same time protect public safety and individual privacy?
Most agree that America’s technological expertise is a key pillar of our economic growth. Fewer understand that it’s also a key pillar of our national security. American excellence in pioneering disruptive technologies and ideas not only invigorates Americans and our economy, it also assists in safeguarding our shared homeland security interests.
This becomes easier to understand when you consider the impact of tectonic shifts such as social media, big data, cloud computing, mobility, and the Internet of Things. Their collective impact endows organizations with the ability to redefine how they interact with customers, deliver goods and services, and redefine their place in the markets they serve.
In market after market, we see technology as a driving force for positive change. However, these technology disruptions have a dark side. They have enabled new classes of bad actors who take advantage of holes in these platforms. These risks manifest into both cyber and physical threats from highly organized gangs and nation states. Organizations and governments struggle to keep pace in this rapidly changing, expanding threat environment. Dealing with cyber threats has taught us an important lesson: cybersecurity is different.
Many of our defense and political leaders, ranging from former US Deputy Secretary of Defense Bill Lynn to former Director of the CIA and NSA Michael Hayden to President Obama, agree. Cybersecurity is unlike the traditional defense domains of ground, sea, air, and space. Cybersecurity, the fifth domain, differs from its predecessors in that the core expertise does not lie in the military nor the government.
Why? Because cyber expertise, funding, and product development resides predominantly in the private sector. Government and law enforcement depend on the private sector’s agility, creativity, and risk tolerance in order to keep pace with this rapidly changing threat landscape.
For instance, the leading security paradigm of strong walls around your digital perimeter, a strategy predicated on keeping the bad guys out, has become ineffective. The bad guys are already in every network.
In response, industry quickly developed new models, focusing on protecting the most valuable data and critical assets, shielding the most important users, and monitoring for unusual events. To implement the philosophical transition to focus less on “walls” and more on risk-based models that emphasize data- and identity-centric security, the tech sector made rapid advances in the core data security technologies of encryption, masking and tokenization. Most agree these innovations are important and valuable.
By-and-large, government has acknowledged industry’s role in improving our collective cybersecurity and has encouraged the private sector to continue leading and innovating.
Returning to Apple and the FBI, no one wants to empower terrorists and criminals. Yet by a similar token, some government proposals will weaken security, make us less competitive, and stifle innovation. Take it from a surprising source and a colleague of mine, General Hayden: “Even when you’re just looking at this through a security lens, [weakening encryption is] actually not the best resolution for American security. Put another way, America is more secure – America is more safe – with unbreakable end-to-end encryption.”
Weaker encryption not only undermines our national security — it undermines our competitiveness, too. In the technology sector, there are two types of firms: those that collect, mine and monetize our data and online activity and those that don’t. In the case of the latter, customer privacy and the overall security of their products are central to their business strategy. When government requires these firms to create and maintain a backdoor, it violates their company ethos and diverts attention away from their business model. More importantly it has the potential of scaring away customers. If American companies can’t pursue an encryption-friendly strategy due to government intervention, companies elsewhere will. We can’t and shouldn’t pass this opportunity on to others.
We must look forward and attempt to answer the bigger question: How do we leverage the tremendous advantage our technology sector provides to advance economic growth and public safety?
As a start, stop litigating and stop fighting. Industry and government must recall that they are on the same side, pursuing the same objectives. These objectives include protecting national security, preventing crime and terrorism, and expanding innovation to maintain America’s global technological edge.
As leaders across both the public and private sectors, we should come together and use our unmatched ability to innovate and to solve seemingly impossible technical conundrums. Some possible solutions may already exist.
For example, law enforcement could apply advanced data analytics techniques to metadata, tracing the so-called digital exhaust we leave when we’re online to find and stop the bad guys without infringing on the security of the good guys.
Perhaps metadata analysis will be part of the answer, perhaps not.
Either way, one thing is clear – let’s not stifle progress and technological advancement, thereby shutting the door on any chance we have of finding a good solution. Instead, let’s bet on innovation to help us resolve one of our toughest dilemmas.
Jim Pflaging is a principal at The Chertoff Group and leads the firm’s technology sector and business strategy practice. The Chertoff Group is a security and risk management advisory firm. Follow The Chertoff Group on Twitter @ChertoffGroup.