On January 20th, President Obama delivered his 2015 State of the Union address, an annual speech the President gives to inform both Congress and the American people as to the nation’s current status and goals for the coming year. In this year’s address, President Obama made specific mention about not only the importance of scientific and technological advancement for the United States, but of the dire importance of protecting the nation’s cyber infrastructure.
These statements are pretty exciting to anyone in the security industry, but like most things, there are two sides to the issue. While protecting our data and infrastructure from foreign aggressors is obviously of top concern, there are issues of internal security and privacy which were conspicuously not mentioned in the President’s speech.
In his address, the President went as far as comparing information security to fighting terrorism:
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children's information. If we don't act, we'll leave our nation and our economy vulnerable.”
With the President’s dramatic phrasing, these statements were met with a wild round of applause and even a standing ovation from the members of Congress. To many, addressing information security threats with such a serious tone has been long overdue, and it’s not hard to see why. Increasingly , complex cyber attacks have started to dole out physical damage across the globe, and as our way of life becomes increasingly digital there’s no reason to think that the severity and frequency of these attacks will lessen if unchecked.
While issues of national security, digital or otherwise, are always of the highest priority; the President’s strong opinion on foreign cyber attacks was no doubt strengthened by the recent attack against Sony Pictures and the ensuing controversy over the perpetrator and their motive. Reports of big companies getting hit hard by security breaches is nothing new (in truth, they are becoming dishearteningly common), but rarely have they set off a media circus like the Sony attack did. If nothing else, we can thank Sony’s embarrassing security lapses for getting people’s attention on issues of information security and even starting a national dialog on First Amendment rights.
Ironically, Sony ended up making bigger waves in their failure than they probably would have otherwise. While this was perhaps not the most ideal way to get the nation to think about the realities of cyber warfare, it was unquestionably effective.
While statements regarding information security at the national level were a welcome addition to the President’s agenda, many wondered why nothing was said of what has arguably been a larger issue over the last couple of years: domestic surveillance. Thanks to whistleblowers such as Edward Snowden, the public has gotten a glimpse at the global system that is used to track and monitor the communications of individuals; and to say there’s been some pushback from the global community would be an understatement.
But while this issue was glossed over during the State of the Union address, we don’t have to look too far back to get the President’s opinion on the matter. In a recent press conference, the President claimed that technology such as strong encryption could, in itself, be a threat to national security, “If we get into a situation which the technologies do not allow us at all to track somebody we're confident is a terrorist … and despite knowing that information, despite having a phone number or a social-media address or email address, that we can't penetrate that, that's a problem.”
President Obama went on to argue that it is imperative the government have “backdoor” access into social media and other communications networks that it alone can control, not unlike the Clinton-era “clipper chip” proposal. Many analysts noted this as something of a shift for the President, given his previous condemnation of issues such as NSA metadata collection.
But the President’s statements paled in comparison to the hard line British Prime Minister David Cameron took. In no uncertain terms, the Prime Minister claimed that encryption itself should be abolished for the individual, “I think we cannot allow modern forms of communication to be exempt from the ability, in extremis, with a warrant signed by the home secretary, to be exempt from being listened to. That is my very clear view and if I am prime minister after the next election I will make sure we legislate accordingly.”
While both leaders did make it clear that due process would still need to be followed when monitoring citizen’s communications, that’s only a minor consolement for privacy advocates.
Long Road Ahead
The problem is a classic double edged sword. Nobody would deny that a nation has the right to protect itself from foreign cyber attacks, but at the same time, if the same methods used to monitor digital threats abroad are used against that nation’s citizens it becomes a privacy issue. Such a complicated issue will take time to sort out and will almost certainly outlive the current administration; this is especially the case without a clear and concise plan to address both the growing need for protection against cyber warfare and a citizens fundamental right to privacy.
As David Cameron has already shown, a candidate’s opinion on these issues will begin to become increasingly important on the campaign trail. The road to a balanced national cybersecurity plan could start at the polls, with voters including technical literacy and respect for privacy in their list of qualities that they look for before casting their ballots.