Secretary Johnson Seeks Stronger Relationships with Vendors
DHS Secretary Jeh Johnson addresses the RSA conference.
The Department of Homeland Security will establish a Silicon Valley satellite office to improve relations with IT and IT security vendors and recruit cybersecurity talent, Homeland Security Secretary Jeh Johnson said in a keynote address at RSA Conference 2015 in San Francisco.
See Also: Mobile Deposit Capture: Balancing Fraud Prevention and Customer Convenience
“We want to strengthen critical relationships in Silicon Valley and ensure that the government and the private sector benefit from each other’s research and development,” he said in the April 21 speech. “And we want to convince some of the talented workforce here in Silicon Valley to come to Washington.”
The recruitment of IT security personnel would occur through the United States Digital Service, a program that allows IT security practitioners to temporarily work for the government. “This will build capacity on all fronts,” Johnson said, and in a pitch to the audience of thousands of IT security professionals, he added, “I hope some of you listening will consider a tour of service for your country.”
Neither Johnson nor other DHS representatives provided details on the Silicon Valley office or a timetable on when it would open.
Support for Encryption ‘Backdoor’ Sought
Johnson, in his address, called on a somewhat skeptical IT security community to back administration efforts to get security vendors to surrender keys, with a warrant, to unlock encryption on computing devices in cases of national security or serious crime.
Vendors are beginning to produce products in which encryption would be the default setting, making nearly every device extremely difficult to crack without the vendors creating a “backdoor” to access encrypted data.
“I understand the importance of what encryption brings to privacy,” Johnson said. “But imagine the problems if, well after the advent of the telephone, the warrant authority of the government to investigate crime had extended only to the U.S. mail. Our inability to access encrypted information poses public safety challenges. In fact, encryption is making it harder for your government to find criminal activity and potential terrorist activity.”
But many IT security experts and privacy advocates contend that creating a backdoor for U.S. federal intelligence and law enforcement agents would cause more harm, especially considering most vendors are multinational companies.
“If the key is provided to one government, they would be expected to provide it to all governments,” said longtime RSA conference attendee Eugene Spafford, a leading cybersecurity expert and computer science professor at Purdue University.
“Once the key is available to officials in potentially hundreds of countries, it would be a matter of time before it’s more generally leaked and available to others,” Spafford said. “And that leaves a backdoor that’s open to criminals and to agents to all these other national organizations. Requesting that a backdoor be built in ultimately would be detrimental to overall security than actually helping.”