How the Politics of Encryption Affects Government Adoption – Freedom to Tinker

I wrote yesterday about reports thatpeople in the White House are using encrypted communication apps more often, and why that might be. Today I want to follow up by talking about how the politics of encryption might affect government agencies choices about how to secure their information. Ill do this by telling the stories of the CIOs of three hypothetical Federal agencies.

Alice is CIO of Agency A. Her agencys leader has said in speechesthat encryption is a tool of criminals andterrorists, andthat encryption is used mostly to hide bad or embarrassing acts. Alice knows that if she adopts encryption for the agency, her boss could face criticism for hypocrisy, for using the very technology that he criticizes. Even if there is evidence thatencryption will make Agency Amore secure, there is a natural tendency for Alice tolook for other places to try to improve security instead.

Bob is CIO of Agency B. His agencysleader has taken a more balanced view, painting encryption as a tool with broad value forhonest people, and which happens to be used by bad people as well. Bob willbe in a better position than Alice to adopt encryption if hethinks it will improve his agencys security. But he might hesitate a bit to do so if Agencies A and B need to work together on other issues, or if the two agency heads are friendsespecially if encryption seems more important to the head of Agency A than it does to the head of Bobs own agency.

Charlie is CIO of Agency C. His agencys leader hasnt taken a public position on encryption, but the leader is known to be impulsive, thin-skinned, and resistant to advice from domain experts. Charlie worries that if he starts deploying encryption in his agency, and then the leader impulsivelytakes a strong position against encryption without consulting his team, the resulting accusationsof hypocrisy could anger the leader. That might cost Charlie his job, or seriously undermine the authority he needsto properly manageagency IT. The safe thing for Charlie to do is to avoid deploying encryptionnot only to preserve his job but also to protect the rest of the agencys IT agenda. If Charlie doesnt change the agencys practice, then criticism of the practice can be deflected onto the previous leaderand of course well be upgradingto the better practicesoon. Here the uncertainty created by the leaders management style deters Charlie from changing encryption practice.

Lets recap. Alice, Bob, and Charlie are operating in different environments, but in all three cases, the politics of encryption are deterring them, at least a little, from deploying encryption. Their decision to deploy it or not will depend not only on their best judgment as to whether it will improve the agencys security, but also on political factors that raise the cost of adopting encryption. And so their agencies may not make enough use of encryption.

This is yet another reason we need a serious and specific discussion about encryption policy.

Link:
How the Politics of Encryption Affects Government Adoption - Freedom to Tinker

Related Posts
This entry was posted in $1$s. Bookmark the permalink.