The U.S.
Office of Personnel Management (OPM) was recently hit by hackers who gained access to personal data for an estimated 4 million federal employees. Details are still unclear as to exactly which employees and which specific information were compromised. Also unknown is who perpetrated the hack though officials believe it was a group of Chinese hackers, probably the "plausibly deniable" type that the Chinese government can claim is not in their employ.
There is nothing particularly new about all of this. We know that various governments and individuals try to hack into U.S. government agencies all the time. They also try to access other governments, public organizations, private businesses and quite possibly your own granny's AOL account.
There is an important lesson to be learned from this event and similar successful hacks in the past: we must make it easier for anyone to hack any data, any time, anywhere.
That's right, that is what the U.S. intelligence community wants to do. You would think they would be concerned about safeguarding privacy and at least government secrets, if not proprietary secrets and data of private industry and individuals. But no, none of that is as urgent and vital as making it easier to snoop everywhere at every moment to keep the lions and tigers and bears, oh my! terrorists from sneaking into our backyards to rape the dog and murder our families.
The FBI's assistant director of counterterrorism warns that encrypting data and online communications makes it too hard to track terrorists and that tech companies should “prevent encryption above all else”.
I don't doubt that it could make it more difficult for the NSA, FBI, or other three-letter agencies to hunt down terrorists. But I'm okay with that. The alternative is far worse.
Imagine if the U.S. government had its way and all tech companies put in a "back door" or secret key or intentional flaw into their products. Even the most inconsequential and obscure programming flaws are ruthlessly exploited in short order by hackers to gain data access or command control in computer systems worldwide. Any purposely included method of bypassing security and encryption would also be exploited quickly, leaving virtually every system in the world wide open to the not-so-tender mercies of hostile governments, criminal hackers, and even "script kiddies" who get their jollies by wreaking cyber havoc wherever they can.
I would rather take my chances that some religion-crazed nutjobs, anti-abortion warriors, or general grudge-filled cranks cause some mayhem and murder than expose the entire world's computer systems to unlimited exploitation. It would make any terrorist attacks we have already experienced seem like a picnic in the park.
- Banks with millions of accounts siphoned off to distant countries
- Air traffic control systems breached to play "jet collision derby" games
- Medical records exposed for the fun of humiliation and profit of blackmailing
- Water, gas, and electric utilities shut down for the amusement of bored 14 year olds
The possibilities for mischief and maliciousness are endless. It seems hard to believe that anyone in government could be so naive as to think that deliberately breaking encryption would not lead to absolute disaster. The intelligence community must not live in the same real world that the rest of us do.