The balance between privacy and security in the digital age will be a key cybersecurity challenge for the next administration, according to former Homeland Security Secretary Michael Chertoff.
“We really need to get to the point where we really view security and privacy as two sides of the same coin and very much interrelated,” Chertoff said on Friday at the Chertoff Group Security Series event "Focusing on the Future: Prioritizing Security in the Digital Economy" in Washington, D.C.
The Chertoff Group co-founder, who earlier this year backed Apple in refusing to help the FBI crack into an iPhone used by one of the shooters in the San Bernardino terrorist attack, reiterated he is in favor of strong encryption. Both the intelligence community and law enforcement personnel have the tools available to them today that “dramatically increases their capabilities” in this effort, Chertoff said, and the solution to this issue is not to weaken the ability of the average person or business to protect themselves.
“I’m all in favor of having government be able to use whatever skills it has to find what bad people are doing, and I can tell you, having worked for years in trying to detect and track and frustrate terrorist attacks, frankly there’s a lot more data and many more tools out there now that allow the ability to detect and frustrate attacks. So I get that,” he said.
“On other hand, I don’t know that the solution is to weaken the defenses and security that everybody, the average innocent American, has to protect their data. Because then what you’re doing is, while you’re enhancing the ability to make it easier for the government to crack into encrypted data held by bad guys, at the same time you are weakening everybody else’s defenses against those very same bad guys. And that I think in the end, is too high a price to pay,” Chertoff added.
The encryption battle highlighted the sometimes contentious relationship between the private sector and the government, Chertoff said, pointing to the impact of NSA leaker Edward Snowden. With that, the tech community has felt that “they have to demonstrate not just domestically or internationally, that they’re not merely tools or catspaws of the U.S. government,” Chertoff said.
“We need to be able to show the world that we are maintaining a system of law that reasonably protects privacy, but of course also allows the government to get what it appropriately should get to protect us,” he told conference attendees.
The next administration could help by focusing on setting ground rules for obtaining data that is held in other countries, Chertoff said. Noting that there is a “rise of nationalism now in our country and also in other parts of the world,” he said it is key to respect national boundaries while also setting up a common standard to allow information sharing as necessary.
“One of the things this new administration can do with Congress is come up with a kind of comprehensive set of rules that we can negotiate with some of our overseas partners that creates a streamlined, efficient, and mutually respectable way to get information that is required by law without stepping on someone’s toes in terms of their sovereignty,” he said.
Meanwhile, Chertoff also addressed a number of other issues that present national security challenges in the digital age. Pointing to the problem of fake news that has been highlighted in the wake of the presidential election, Chertoff said that “the issue is going to be whether in a world where information moves so rapidly, we are actually creating a vulnerability.” Other countries that exploit the ability to create fake news could potentially undermine national security, he noted.
During the campaign, President-elect Donald Trump said he supported increased infrastructure spending — and that means the administration must make sure what they are building is “secure,” Chertoff said. If Trump means to simply boost spending on road building and things of that nature, that is not likely to be significant to cybersecurity, he noted. But if the infrastructure spending is instead in areas like airports, where there will be more “smart devices” in use, contractors need to be focused on cybersecurity issues, Chertoff said.
The last thing the U.S. should do is spend money on infrastructure that “increases the attack surface for our adversaries,” he said.
Mackenzie Weinger is a national security reporter at The Cipher Brief. Follow her on Twitter @mweinger.
