Recently the Australian Prime Minister made world news for his stance on the going dark debate. According to Prime Minister Malcolm Turnbull, information technology giants like Facebook, Google and Apple should work with law enforcement to decrypt encrypted messages to aid in the fight against crime and extremism. Turnbull ruffled feathers by boldly stating that “though the laws of mathematics are very commendable, the only law that applies in Australia is the law of Australia”. He further opened himself up to ridicule from the tech community by giving an incorrect definition in his answer to one reporter’s question of “what is a backdoor?”

Even more recently, Equifax, one of three major US credit reporting companies, reported a data breach which may affect 44% of the US population, approximately 143 million US customers. At the time of writing, there are reports that thousands of Canadians may also be among those affected. According to details released by Equifax, hackers were able to access customer PII including but not limited to their full names, addresses, and SSNs. Given the quality and quantity of this breach, the opportunities for exploitation through social engineering and other means seem endless.

This article, though, is not about bashing or shaming Prime Minister Turnbull for his stance on the laws of mathematics or his incorrect representation of what a backdoor is. It is not even an avenue to vent outrage at Equifax for not doing a better job of protecting such sensitive information, although I know many would not fault me if it were.

Instead, it is a call to professionals in the field to own our area and to take responsibility for leading the discourse and effort needed to build structures which will support the impact of technology in our society. This includes pillars of policy and regulation around privacy, security, and safety. As professionals, we have an intimate understanding of many of the issues present and impending, and we need to be the voice that ensures we don’t just have a discussion but that it is focused and steered in the right direction.

In response to Prime Minister Turnbull – the going dark debate is not a new one, and both sides of this debate have merit. It is unreasonable, however, to expect that technology be stifled and its growth inhibited in the name of law enforcement. The need for and value of law enforcement cannot be discounted, but certainly we are advanced enough in thought and technology to find a solution to this hurdle – to use technology to enable our law enforcement rather than encumber it.

Additionally, the laissez-faire approach to handling sensitive information and the Equifax breach are merely symptoms of our flawed system. They highlight where our value system lies: in profits rather than integrity, and we will continue to see this happen again and again unless we do something radical to prevent it.

So will the real information security professionals please stand up?

Will we be the voice needed to hold our governments accountable for legislation that will not stifle technology but nurture it? Will we shout about the need to hold corporations accountable for the care of our personal information? Will we offer advice on how these regulations should be implemented to ensure organizations which are found culpable are also held responsible?

Or will we stand by and have decision after decision made without our expertise and input, while we whisper and then complain about their inadequacy only after the fact?

Will the real information security professionals please stand up?