The Government's Attitude on Data Security: There's Too Much and Also Not Enough
'Let us in, but do a better job at keeping others out!'
The government demands you giveth, and the government demands you taketh away. This week FBI Director James Comey made familiar comments declaring that encryption is the tool of terrorists—"essential tradecraft," in fact—and that we will continue to see law enforcement litigation trying to get tech companies to help the government break through cybersecurity of phones and devices in the hands of suspected criminals or terrorists.
Nearly at the same time, the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) are teaming up to be equally threatening toward mobile device companies because they're concerned that user data is too vulnerable. They're demanding mobile phone companies provide information about their plans for when they update mobile devices security and clearly intend to meddle somehow in the process by which these companies schedule these processes.
Alison Frankel at Reuters notes the contradiction here: "So, one set of government agencies is pressuring mobile companies to keep customer data secure while another segment of the government is pressuring the same companies to help investigators access data."
It's likely, though, that the various parties involved don't even see a contradiction. What has become abundantly clear during the whole encryption access debate is that government officials don't seem willing to accept—or even acknowledge—the argument by just about everybody in technology security circles that it's not possible to make an encryption system that only the "right" people can bypass. A "back door" that could be used by the FBI or the NSA could be used by anybody who could figure out how it works. Cybersecurity back doors render data vulnerable to hackers and other potentially dangerous individuals.
The unwillingness of folks like Comey and Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) to seriously engage with this dilemma leads to this absurd situation where one federal agency can threaten a company for not having good enough security while another agency can threaten for having too good security.