SAN FRANCISCO – Homeland Security secretary Jeh C. Johnson was apparently on a recruiting trip today at RSA Conference.
During his 30-minute keynote, amid dozens of “cyber” references, the 57-year-old Johnson put out the help-wanted sign for able-bodied security professionals who a) may want to join the National Cybersecurity and Communications Integration Center (NCCIC), or b) want to help execute on NSA Director Michael Rogers’ vision of “frontdoor” access to encrypted mobile data.
“Perhaps, you would consider a tour of service for your country,” Johnson said.
Rogers, during a talk this month at Princeton University, stirred a hornet’s nest when he asked technology companies to consider some sort of key escrow to give law enforcement and intelligence agencies access to scrambled information in cases where personal safety or national security is threatened.
During the Cryptographer’s Panel minutes prior to Johnson’s keynote, RSA public key encryption system cofounder Ron Rivest shot down the idea to loud applause.
“It just won’t work,” Rivest said.
That did not sway Johnson from pushing forward, asking the thousands watching what would have happened, if after the invention of the telephone, if the government’s authority extended only to the U.S. mail.
“This presents a real challenge to law enforcement and national security. I understand the importance of what encryption brings to privacy,” Johnson said. “Encryption is making it harder for your government to find criminal activity. We know a solution must take into full account the privacy rights and expectations of the American people. We need your help to find a solution.”
The final straw for law enforcement and politicos were separate moves by Google and Apple to no longer store encryption keys for Android and iOS data respectively. By doing so, the respective providers cannot be compelled by a warrant or secret court order to hand over customer encrypted data. Security experts argue that encryption protects consumers and businesses alike from hackers, intellectual property thieves and intelligence agency surveillance.
“We ask for your indulgence and understanding on encryption. Homeland Security is itself a balance between basic physical security and the liberties and freedoms we cherish as Americans,” Johnson said. “I can build you a safe city on a hill, but that city will constitute a prison.”
Johnson spent most of his keynote talking about the work being done by NCCIC, which he said will act as a centralized information-sharing outfit between the government and private businesses on threats. In January, President Obama spoke at NCCIC in Arlington, Va., and offered liability protection for organizations that share information through NCCIC, one of the classic impediments to information sharing listed by private organizations.
“We’ll soon be able to accept indicators in an automated near real-time format,” Johnson said. “We want to set up NCCIC as your primary format for cyber threat indicators. Government is trying to make it easier for you.”