DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
from the we-all-need-to-work-on-this.-you-go-first. dept
DHS boss Jeh Johnson is still out trading fear for civil liberties. There's a cyberwar that needs fighting and his agency is looking for a position at the "information sharing" front lines. As the major systems went down left and right a couple of days ago, Johnson remained mostly unperturbed while delivering an address to CSIS.
In the context he delivered them, his remarks -- while remarkably similar to those he delivered at the RSA Conference in April -- seem to be a bit more conciliatory, rather than being just repetitive talking points from an agency seeking additional power at any cost.
Johnson acknowledged that in the war against hackers, the need to protect privacy and connectivity makes the web security a difficult operating environment.While I still remain skeptical as to his true intentions, it is a bit refreshing to see someone in the business of securing the homeland at least cognizant of the tradeoffs inherent to these aims. He said something to the same effect three months ago, but it was in the context of pleading the government's case for encryption backdoors.
“I can build you a perfectly safe city, but it will look like a prison,” he warned.
“Cybersecurity involves striking a balance,” he said. “I can build you a perfectly secure email system but your contact will be limited to about ten people and you would be disconnected entirely from the Internet and the outside world.”
I tell audiences that I can build you a perfectly safe city on a hill, but it will constitute a prison.I think most Americans are well aware you can't have perfect security and perfect liberty, and outside of the most extreme factions on either end, no one's clamoring for that. The important thing is that Johson recognizes this, considering he holds the tools to build the public a hilltop prison in the name of security.
But I still think Johnson wants most of the tradeoffs to come at the expense of the public. He may be totally sincere in his wishes to build a balanced cybersecurity program, with actual equitable information sharing, but his best intentions are naturally hampered by the excesses of the agency he helms. There are far too many agencies operating under the minimal control of the DHS, many of which aren't nearly as willing to cede civil liberties ground as needed.
On top of that, the government continues to be terrible at protecting its own assets. And yet, it wants the private sector to be its partner in the Great Cyberwar. Once these companies are forced to carry the cybersecurity load for the underperforming public sector, those with greater governmental control on their minds will start building these "prison" walls, and all tradeoffs will be forgotten.
The only way to keep the government honest is to force it to play by the private sector's rules. This means no willful subversion of encryption and ridiculous demands for additional intrusive access in the name of "information sharing." Once these companies are granted a little respect from their potential partners, I would imagine the us v. them posturing will relax a bit.
Johnson may recognize the tradeoff and may even be willing to make concessions. But so far, most of what's being offered by agencies like his are demands, rather than compromises.