DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
from the we-all-need-to-work-on-this.-you-go-first. dept
DHS boss Jeh Johnson is still out trading fear for civil liberties. There’s a cyberwar that needs fighting and his agency is looking for a position at the “information sharing” front lines. As the major systems went down left and right a couple of days ago, Johnson remained mostly unperturbed while delivering an address to CSIS.
In the context he delivered them, his remarks — while remarkably similar to those he delivered at the RSA Conference in April — seem to be a bit more conciliatory, rather than being just repetitive talking points from an agency seeking additional power at any cost.
Johnson acknowledged that in the war against hackers, the need to protect privacy and connectivity makes the web security a difficult operating environment.
“I can build you a perfectly safe city, but it will look like a prison,” he warned.
“Cybersecurity involves striking a balance,” he said. “I can build you a perfectly secure email system but your contact will be limited to about ten people and you would be disconnected entirely from the Internet and the outside world.”
While I still remain skeptical as to his true intentions, it is a bit refreshing to see someone in the business of securing the homeland at least cognizant of the tradeoffs inherent to these aims. He said something to the same effect three months ago, but it was in the context of pleading the government’s case for encryption backdoors.
I tell audiences that I can build you a perfectly safe city on a hill, but it will constitute a prison.
I think most Americans are well aware you can’t have perfect security and perfect liberty, and outside of the most extreme factions on either end, no one’s clamoring for that. The important thing is that Johson recognizes this, considering he holds the tools to build the public a hilltop prison in the name of security.
But I still think Johnson wants most of the tradeoffs to come at the expense of the public. He may be totally sincere in his wishes to build a balanced cybersecurity program, with actual equitable information sharing, but his best intentions are naturally hampered by the excesses of the agency he helms. There are far too many agencies operating under the minimal control of the DHS, many of which aren’t nearly as willing to cede civil liberties ground as needed.
On top of that, the government continues to be terrible at protecting its own assets. And yet, it wants the private sector to be its partner in the Great Cyberwar. Once these companies are forced to carry the cybersecurity load for the underperforming public sector, those with greater governmental control on their minds will start building these “prison” walls, and all tradeoffs will be forgotten.
The only way to keep the government honest is to force it to play by the private sector’s rules. This means no willful subversion of encryption and ridiculous demands for additional intrusive access in the name of “information sharing.” Once these companies are granted a little respect from their potential partners, I would imagine the us v. them posturing will relax a bit.
Johnson may recognize the tradeoff and may even be willing to make concessions. But so far, most of what’s being offered by agencies like his are demands, rather than compromises.
Filed Under: dhs, jeh johnson, privacy, security
Comments on “DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession”
DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
Actually that would be a weak city, because the prisoners would likely work for its fall so that they could escape. Also they could not aid the defenders because they would not be allowed to.
Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
Anyone who’s ever actually been to a prison understands that prisons are not inherently safe environments…
Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
Prisons are run by the inmates, not the putative guards and wardens. They are notoriously porous to contraband such as guns, drugs, cell phones and sex. As well as “home” built weapons like shivs, crossbows and more.
Laws are meant to control the law abiding, not the criminals.
Re: Re: DHS Head Jeh Johnson Recognizes The Privacy/Security Tradeoff, But Seems Unlikely To Make The First Concession
despite his impressive resume, guess its shows he doesnt have intelligence in all areas.
>I can build
There are enough bright people who can create strong, secure, and robust systems. Most of them do not work for the federal government and that’s a good thing.
I can build you a perfectly secure email system
Jeh Johnson attended Bellport High School, a public high school on Long Island, and graduated at 15 in 1987. The same year, he ranked fifth place in the Westinghouse Science Talent Search. In 1987 (at the age of 16), he achieved a Top 10 ranking in the William Lowell Putnam Mathematical Competition. Johnson earned his bachelor’s degree in mathematics from New York University (1991) and has a PhD in mathematics from the University of California, Berkeley (1995), where he studied under Hendrik Lenstra.
I can build you a secure email system, too
Jeh Johnson studied physics at the University of Groningen, graduating with a PhD. He spent 12 years at Eindhoven University as a systems architect in the Mathematics and Computer Science department, and spent part of this time writing tools for Electronic Data Interchange. Since emigrating to the U.S. in 1996 and until 2015, he has been working for the IBM Thomas J. Watson Research Center in New York State. On March 24, 2015, he announced he was leaving IBM for Google.
At least I can build you an email system
Born in El Cerrito, California, Jeh Johnson knew from an early age that he wanted to work in computing, breaking into his high school’s mainframe and later using the UC Berkeley computing center for his computing needs. In 1973, he entered UC Berkeley, just as the Unix operating system began to become popular in academic circles. He earned B.S. and M.S. degrees from UC Berkeley in 1977 and 1980 respectively.
There is no tradeoff
Whenever they want to take privacy you never get any security from it, but security theater and fear-mongering.
Re: There is no tradeoff
Ack.
There is no tradeoff. Privacy is paramount to security; and the enemy of security is surveillance.
“Either we build our communications infrastructure for surveillance, or we build it for security.” — Bruce Schneier
Safe prisons
“I can build you a perfectly safe city, but it will look like a prison,” he warned.
Excuse me, sir, but if you think prisons are safe, you are an ass. In 2011, there were 274 homicides in local jails and state prisons…not to mention suicides, poor medical care, and accidents.
“Cybersecurity involves striking a balance,” he said. “I can build you a perfectly secure email system but your contact will be limited to about ten people and you would be disconnected entirely from the Internet and the outside world.”
So I give him credit, he does have a point. The only issue is that the solution is simply wider adoption of cryptography. If everyone were to use something like PGP, than it would become ubiquitous and remove the barriers to entry. He knows this, and with the success of the HTTPS everywhere campaign and now the Let’s Encrypt CA starting up, everyone will be able to at least use S/MIME encryption on email easily.
Other comments are missing the point.
Stop saying “he’s an idiot because prisons are dangerous.” It missed the point completely.
If I have the only copy of the keys to my own house, does that make my house a prison? NO! That is insane!
He is trying to say a perfectly safe cyber city would require every computer to be disconnected from the internet. That is definitely a poor solution.
A better solution would be to have every computer encrypted and have every connection be encrypted with private keys.
Re: Other comments are missing the point.
I thought he was being allegorical.
Re: Re: Other comments are missing the point.
But his allegory is wrong. He could not, in fact, build a perfectly safe city no matter how much like a prison he makes it. And he could not, in fact, build a perfectly secure email system, no matter how disconnected from the net it is.
Perfect security is an impossibility.
Playing the extreme card
It’s just a game of extremes in hopes the public will respond to something less so while still allowing government to violate their constitutional rights.