Even security officials aren't happy with the way cyberattacks are handled. Three former security officials support end-to-end encryption; regulations for hacking software will be redrafted.
Every week brings a new cyber attack or wave of hacking scandals. Ashley Madison scandal, anyone? Though everyone from the government to professional hackers is trying to come up with new ways to prevent these attacks, there hasn't been one happy solution. A lot of issues stem from encryption keys and who can get their hands on them. Now, three former US national security officials have spoken out about why end-to-end encryption is the way to go.
Mike McConnell, a former director of the National Security Agency and director of national intelligence; Michael Chertoff, former homeland security secretary; and William Lynn, a former deputy defense secretary, argued that more US technology companies should be using end-to-end encryption of data so only the sender and the intended recipient have the decryption keys. This way the plain text of messages will not be available to companies offering products and services to the government. The trio doesn't believe the government should have “backdoor access” or duplicate decryption keys, saying it only increases the risk of cyberattack. Currently, the argument for backdoor access is that it allows the government to catch criminals communicating online, but the three argue against this, saying, “This could lead to a perverse outcome in which law-abiding organizations and individuals lack protected communications but malicious actors have them.”
Is this the best solution to security? Not all attempts to regulate cyberattacks are well thought out. Recently, it was revealed that the US government will rewrite regulations to restrict the export of software used to break into computers and smartphones. A draft of these regulations was published back in May and stated how the Department of Commerce wanted to restrict the development and testing of exploits, zero-days, and other invasion software. After it was posted, it soon received many comments and complaints, many of them from security professionals who learned it would severely limit and might even criminalize research into surveillance software. Even those who supported the initial idea criticized the draft for being too clumsy and confusing. Google even called the rules “dangerously broad and vague.”
Some draft of the regulation is needed for the latest iteration of the Wassenaar agreement among 41 countries, which limits the shipping of “dual-use” technologies used for peaceful and military purposes. Despite all the negative feedback, the Commerce Department took it in stride and assured that “All of those comments will be carefully reviewed and distilled, and the authorities will determine how the regulations should be changed. A second iteration of this regulation will be promulgated, and you can infer from that that the first one will be withdrawn.” As of right now, with the various data breaches and hacking schemes, it looks kind of bleak when it comes to preventing cyberattacks.