Creating systems of trust and real security for users should be all hands on deck, from government to the private sector. We need to encrypt the web, secure data at rest and in transit, and ensure that homes, cars and anything that can be connected to the internet are safe and trustworthy. The array of options is poor since security architects have to bolt security onto insecure systems. But that’s all the more reason to encourage people who understand how computer security works (and how it fails) to help. After all, there are only so many hours in the day, and the more attention we pay to these problems, the faster and better we can address them.
It’s not just individuals and private institutions who should be focusing on improving security for users, of course. Governments should be shouldering their responsibility for public safety by leading, incentivizing and, in places, even legally mandating real digital security for their increasingly vulnerable citizens.
But they are not. While the U.S. government has pushed hard to make sure that companies give them information about security problems—in the Department of Homeland Security’s Information Sharing and Analysis Centers and in the Cybersecurity Information Sharing Act passed in 2015, for example—there has been very little information or tools coming back to protect the public as technology users. This is even as we’re pushed into a world that increasingly relies on the internet for every facet of our daily lives. It’s also as the consequences of losing control of our data grow larger and more dire. Digital networks are now increasingly coming into our homes and cars. There are pushes to move to online voting, to the horror of security experts. The vast majority of us carry our phones with us everywhere; with them comes access to a tremendous amount of intimate information about us, our loved ones and our business and personal associations, both stored on the device and accessible through them.
The government should generate, incentivize and support efforts to build a more secure and trustworthy internet, along with the devices and services that rely on it. Instead, law enforcement in the U.S. and elsewhere too often demonize companies and individuals that offer strong security and pressure them to offer worse tools, not better ones.
Resisting Law Enforcement’s Siren Song: A Call for Cryptographers to Improve Trust and Security – Lawfare
Great piece, especially in light of the recent actions in Australia.