from the a-victory-for-privacy dept
While the Snowden revelations certainly did get some companies to improve their own practices, it looks like the FBI's decision to go after Apple over encryption, has really galvanized many in Silicon Valley to take action to truly protect their users from snooping government officials -- meaning making use of real (not backdoored) encryption and also diong other things like dumping log files more frequently.
“We have to keep as little [information] as possible so that even if the government or some other entity wanted access to it, we’d be able to say that we don’t have it,” said Gadea, founder and chief executive of Envoy. The 30-person company enables businesses to register visitors using iPads instead of handwritten visitor logs. The technology tracks who works at a firm, who visits the firm, and their contact information.The article is full of such stories -- including one of a company called Stealth Worker that is basically helping lots of startups build in better security from the start:
Stealth Worker — a start-up funded six months ago by the prominent incubator Y-Combinator — provides contract cybersecurity experts to early-stage start-ups, which often operate on a shoestring budget. Stealth Worker chief executive Ken Baylor said that in the past month he had been approached by a half-dozen companies looking for ways to build tougher encryption and other secure technical architectures.Because it's the Washington Post, and they feel the need to be "balanced" the article does include the one ridiculous contrarian quote from our old friend, former NSA General Counsel Stewart Baker, who basically dismisses reality as a myth in the heads of some engineers:
“This is a Silicon Valley delusion that the government wants to outlaw encryption,” Stewart A. Baker, a former National Security Agency general counsel, said in an interview. “I grant that there is a radicalized subculture of engineers that is very prone to that delusion, but it is a delusion.”This is classic Baker: saying something that avoids the actual truth by saying something that's nominally true, but not what people are actually discussing. The claim of "outlawing encryption" is really shorthand for "outlawing effective encryption that is less vulnerable to attack." And that's absolutely what many in the government are trying to do. I mean, there's no delusion necessary when you can just read the bill put forth by Senators Dianne Feinstein and Richard Burr, that absolutely would make real encryption illegal. Sure, it says you can keep encryption, but only if it includes a way for 3rd parties to decrypt it. And the only way that's possible is to introduce serious vulnerabilities into the encryption.
The thing that Baker and many others truly don't get about Silicon Valley is that when you give techies a challenge that involves making "the best" of something, they like solving the challenge. The suggestions to backdoor encryption undermine that philosophy. They're saying that techies would need to deliberately cripple their own solutions. And the more that the FBI and clueless Senators push for such a solution, the stronger Silicon Valley will dig in and keep building better overall solutions that are less prone to government snooping.
Maybe, just maybe, if the likes of the NSA and FBI hadn't regularly abused their snooping powers, folks would be more willing to give them the benefit of the doubt. But it's a bit late for that at this point.