Modern field guide to security and privacy

Resolving the encryption debate requires betting on innovation

Embrace, don’t undermine, America’s technological advantages and global competitive edge.

Jim Pflaging, principal and technology sector lead of The Chertoff Group, speaks at a recent event.

PALO ALTO, CALIF. — The recent debate over the scope and role of encryption highlights the tension around law enforcement’s efforts to preserve public safety and respect individual privacy.

The high-profile dispute between Apple and the FBI encapsulates this debate, seemingly pitting law enforcement against Silicon Valley.

It need not be that way. In fact, this debate misses the far bigger point.

The job for today’s leaders should be this: How do we create growth, while at the same time protect public safety and individual privacy?

Most agree that America’s technological expertise is a key pillar of our economic growth. Fewer understand that it’s also a key pillar of our national security.  American excellence in pioneering disruptive technologies and ideas not only invigorates Americans and our economy, it also assists in safeguarding our shared homeland security interests.

This becomes easier to understand when you consider the impact of tectonic shifts such as social media, big data, cloud computing, mobility, and the Internet of Things. Their collective impact endows organizations with the ability to redefine how they interact with customers, deliver goods and services, and redefine their place in the markets they serve. 

In market after market, we see technology as a driving force for positive change. However, these technology disruptions have a dark side. They have enabled new classes of bad actors who take advantage of holes in these platforms.  These risks manifest into both cyber and physical threats from highly organized gangs and nation states. Organizations and governments struggle to keep pace in this rapidly changing, expanding threat environment.  Dealing with cyber threats has taught us an important lesson: cybersecurity is different.

Many of our defense and political leaders, ranging from former US Deputy Secretary of Defense Bill Lynn to former Director of the CIA and NSA Michael Hayden to President Obama, agree. Cybersecurity is unlike the traditional defense domains of ground, sea, air, and space. Cybersecurity, the fifth domain, differs from its predecessors in that the core expertise does not lie in the military nor the government. 

Why? Because cyber expertise, funding, and product development resides predominantly in the private sector. Government and law enforcement depend on the private sector’s agility, creativity, and risk tolerance in order to keep pace with this rapidly changing threat landscape.

For instance, the leading security paradigm of strong walls around your digital perimeter, a strategy predicated on keeping the bad guys out, has become ineffective. The bad guys are already in every network.

In response, industry quickly developed new models, focusing on protecting the most valuable data and critical assets, shielding the most important users, and monitoring for unusual events. To implement the philosophical transition to focus less on “walls” and more on risk-based models that emphasize data- and identity-centric security, the tech sector made rapid advances in the core data security technologies of encryption, masking and tokenization. Most agree these innovations are important and valuable.

By-and-large, government has acknowledged industry’s role in improving our collective cybersecurity and has encouraged the private sector to continue leading and innovating.

Returning to Apple and the FBI, no one wants to empower terrorists and criminals. Yet by a similar token, some government proposals will weaken security, make us less competitive, and stifle innovation. Take it from a surprising source and a colleague of mine, General Hayden: “Even when you’re just looking at this through a security lens, [weakening encryption is] actually not the best resolution for American security. Put another way, America is more secure – America is more safe – with unbreakable end-to-end encryption.”            

Weaker encryption not only undermines our national security — it undermines our competitiveness, too.  In the technology sector, there are two types of firms: those that collect, mine and monetize our data and online activity and those that don’t.  In the case of the latter, customer privacy and the overall security of their products are central to their business strategy.  When government requires these firms to create and maintain a backdoor, it violates their company ethos and diverts attention away from their business model.  More importantly it has the potential of scaring away customers.  If American companies can’t pursue an encryption-friendly strategy due to government intervention, companies elsewhere will. We can’t and shouldn’t pass this opportunity on to others. 

We must look forward and attempt to answer the bigger question: How do we leverage the tremendous advantage our technology sector provides to advance economic growth and public safety?

As a start, stop litigating and stop fighting. Industry and government must recall that they are on the same side, pursuing the same objectives. These objectives include protecting national security, preventing crime and terrorism, and expanding innovation to maintain America’s global technological edge.

As leaders across both the public and private sectors, we should come together and use our unmatched ability to innovate and to solve seemingly impossible technical conundrums. Some possible solutions may already exist.

For example, law enforcement could apply advanced data analytics techniques to metadata, tracing the so-called digital exhaust we leave when we’re online to find and stop the bad guys without infringing on the security of the good guys.

Perhaps metadata analysis will be part of the answer, perhaps not.

Either way, one thing is clear – let’s not stifle progress and technological advancement, thereby shutting the door on any chance we have of finding a good solution. Instead, let’s bet on innovation to help us resolve one of our toughest dilemmas.

Jim Pflaging is a principal at The Chertoff Group and leads the firm’s technology sector and business strategy practice. The Chertoff Group is a security and risk management advisory firm. Follow The Chertoff Group on Twitter @ChertoffGroup.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.