Obama and Cameron’s ‘solutions’ for cybersecurity will make the internet worse

It would be funnier if it werent so true. Photograph: UPI /Landov / Barcroft Media

The current state of the US and UK governments ass-backwards approach to cybersecurity was on full display this week culminating with British Prime Minister David Cameron and President Obama meeting to discuss the issue at the White House on Friday. When it comes to cybersecurity, it seems the UK and US want to embrace every crazy idea except what we know actually works.

The UKs Cameron suggested earlier in the week he wants to outlaw certain forms of encryption, which could potentially lead to some of the worlds most popular messaging apps (like iMessage and WhatsApp) being banned in the UK. That speech had been ridiculed from all angles for the past few days, with various experts labeling it a nightmare for Internet security on par with authoritarian regimes such as Russia and China and economically devastating for the British information technology industry.

Meanwhile, the White House has proposed a huge expansion of penalties under the highly-controversial law that was used to prosecute Reddit co-founder and privacy rights advocate Aaron Swartz. If passed, the administrations proposal could further criminalize mundane Internet activity for example, potentially allowing for a ten-year jail sentence for sharing your HBO GO password all to supposedly target foreign hackers that the law would likely never reach.

Less than 24 hours before Cameron-Obama the meeting, the Guardian published a secret report based on previously unreleased Snowden documents showing that the US government is fully aware that encryption is vital for security, and that the government risked leaving themselves vulnerable if they didnt start implementing it on their own systems quicker. The British government likely knows this too: many of their employees use email encryption; and UK even recommend citizens use encryption to protect their data on a government website.

At the press conference after the meeting, Obama commendably didnt embrace Camerons proposal when asked about it, and even Cameron seemed to at least appear to back off his own anti-encryption proclamation, saying hes not trying to enunciate some new doctrine.

But just because Camerons been proven to be technically illiterate and may be attempting to publicly back away from his most radical proposal, that doesnt mean that he wont later push forward. FBI director Jim Comey proposed similar legislation to Camerons just a few months ago, and Cameron used eerily similar talking points in Washington on Friday as Comey did in late 2014. Plus. the rest of Camerons plan is downright scary for Internet privacy even without a formal encryption ban.

And then theres the White Houses so-called solution to the cybersecurity problem, which they unveiled earlier this week. President Obama introduced it saying we had to do something about incidents like the headline-grabbing Sony hack, or the juvenile hijacking of US Central Commands twitter account but what he didnt say was that those proposals wouldnt have stopped those attacks at all.

Part of the Obama administrations proposal would dramatically expand the Computer Fraud and Abuse Act, the oft-abused and notorious statute that the Justice Department used to threaten the late Internet activist Aaron Swartz with 35 years in jail. (Aaron later took his own life while awaiting trial.) The CFAA already has incredibly harsh penalties, so much so that theres been a movement for years to reduce them. And how the administration thinks increasing CFAA penalties is going to worry either North Korean hackers or ISIS sympathizers (or more likely pranksters) who take advantage of negligent password practices is anyones guess.

It would also would put countless security researchers at further risk of prosecution, the exact type of people the government should consulting with before making these ill-thought proposals, not driving underground.

Read the original:
Obama and Cameron’s ‘solutions’ for cybersecurity will make the internet worse