The Government's Attitude on Data Security: There's Too Much and Also Not Enough

'Let us in, but do a better job at keeping others out!'

Scott Shackford | 5.13.2016 12:55 PM

(Japanexperterna.se / photo on flickr)

Phone — Credit: Japanexperterna.se / photo on flickr

The government demands you giveth, and the government demands you taketh away. This week FBI Director James Comey made familiar comments declaring that encryption is the tool of terrorists—"essential tradecraft," in fact—and that we will continue to see law enforcement litigation trying to get tech companies to help the government break through cybersecurity of phones and devices in the hands of suspected criminals or terrorists.

Nearly at the same time, the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) are teaming up to be equally threatening toward mobile device companies because they're concerned that user data is too vulnerable. They're demanding mobile phone companies provide information about their plans for when they update mobile devices security and clearly intend to meddle somehow in the process by which these companies schedule these processes.

Alison Frankel at Reuters notes the contradiction here: "So, one set of government agencies is pressuring mobile companies to keep customer data secure while another segment of the government is pressuring the same companies to help investigators access data."

It's likely, though, that the various parties involved don't even see a contradiction. What has become abundantly clear during the whole encryption access debate is that government officials don't seem willing to accept—or even acknowledge—the argument by just about everybody in technology security circles that it's not possible to make an encryption system that only the "right" people can bypass. A "back door" that could be used by the FBI or the NSA could be used by anybody who could figure out how it works. Cybersecurity back doors render data vulnerable to hackers and other potentially dangerous individuals.

The unwillingness of folks like Comey and Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) to seriously engage with this dilemma leads to this absurd situation where one federal agency can threaten a company for not having good enough security while another agency can threaten for having too good security.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Why Trump Supporters Are Bringing an Elephant Man to the Beauty Pageant

Hide Comments (17)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Diane Reynolds (Paul.) 9 years ago

Nearly at the same time, the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC)

Different agencies, different missions, different goals.

The agency that says encryption is the tool of terrorists doesn't care about the consumer experience.
1. mad.casual 9 years ago
  
  In all fairness, they don't really care about encryption being a tool of the terrorists either.
  
  The man that supplied the guns to would-be terrorists could go on facebook and say, "I feel like I'm involved in a terrorist plot!" in plain-text and the government *might* convict him of marriage/immigration fraud *after* the shootout.
sarcasmic 9 years ago

What has become abundantly clear during the whole encryption access debate is that government officials don't seem willing to accept?or even acknowledge?the argument by just about everybody in technology security circles that it's not possible to make an encryption system that only the "right" people can bypass.

Government is the idiots with guns who tell the experts how to do their job.
Los Doyers 9 years ago

So ban cell phones. That'll teach those kids sending snatchchats too.
Brochettaward 9 years ago

The left hand of government doesn't know which ass the right is wiping. Water is wet. Ron Bailey wants his stapler.

What else is fucking new?
Forks and Spoons 9 years ago

Great, but what's the Trump angle?
Fist of Etiquette 9 years ago

In the area of cyber security, there's a sweet spot that you must hit under penalty of you know, whatever the whims of the federal prosecutors who has you in his cross hairs.
Curt 9 years ago

Why do we keep getting hung up on the "backdoor" analogy. Okay, here at Reason, it's probably related to pot, buttsex, and mexicans, but that's not what I meant.

The government isn't looking for a backdoor into these systems. They aren't looking for a sneaky way that could be exploited by hackers. They want the front door keys, the garage door opener, a large bedroom, and their own bathroom. They don't want to be a visitor peaking in the backdoor, they want to be master of the house with authority to determine who comes and goes.
1. Greater Questions of Carl 9 years ago
  
  Because "backdoor" is not only relatively intuitive terminology for lay audiences, but also the actual, accepted and used technical term (some in law / law enforcement who are pushing for backdoors use the term "exceptional access", but no one in tech does).
  
  As an added bonus, supporters of backdoors don't like the term, and squirm around saying idiotic things like "we don't want a back door, we want a front door".
  1. Detroit Linguist 9 years ago
    
    To which the only possible answer is 'QED', or the obscene equivalent.
Detroit Linguist 9 years ago

Just to add to the mix, the Department of Education is requiring all universities to have a 'plan for the protection of student data' that is compliant with FERPA and GLBA. I'm running a committee at my university to comply with this new mandate.

Now, understand, I'm in favor of being careful to protect student data (which these days includes not only grades but also health and disciplinary records and their bank's direct deposit information), but it's certainly another case of one hand giving and the other simultaneously taking away (or choose some other appropriate metaphor if you don't like this one...)
Enjoy Every Sandwich 9 years ago

Contradictions are just evidence of market failure!
BYODB 9 years ago

In Soviet Russia, Data Compress You!
Karinka 9 years ago

Are you single tonight? A lot of beautiful girls waiting for you to http://goo.gl/pI9ucn
the best adult dating site!
Karinka 9 years ago

Are you single tonight? A lot of beautiful girls waiting for you to http://goo.gl/pI9ucn
The best adult dating site!
BYODB 9 years ago

Energy Pioneer Solutions is exactly the kind of name I would expect from a corporation that doesn't really do anything other than have the right investors.

"Other Clinton friends ? including former Democratic congressional candidate Scott Kleeb, Democratic National Committee Treasurer Andrew Tobias and Mark Weiner ? share ownership of Energy ?Pioneer Solutions."
Wizard4169 9 years ago

Yeah, if by "journalism" you mean "Penthouse Letters".

Please log in to post comments

The Government's Attitude on Data Security: There's Too Much and Also Not Enough

'Let us in, but do a better job at keeping others out!'

Latest

Rise of the Samurai Lawyers

Marco Rubio Says He's Revoked 300 Student Visas Over Campus Activism

Pam Bondi Aims To Revive a Moribund Legal Process for Restoring Gun Rights

Trump Is Sabotaging His 'Drill, Baby, Drill' Agenda

How Backpage Became MILFS.com

Recommended

Login Form