September 11, 2019 BANKING & FINANCIAL, CYBER SECURITY

That Capital One Cybersecurity Breach

Recently, we heard about Capital One being hacked and losing 100 million records in the process. A major breach in their cybersecurity strategy, for sure, and yet another bullet in the overall financial industry security armor.  This was, of course, plastered all over the media and we were privy to the usual frenzy of opinions as well as comments.  Nothing new there.  However, the news ended up obfuscating something much more important, which could impact our lives in a deeper way than a few hundred million stolen SSNs (they’ve already all been stolen anyway, so who cares).

What am I talking about? Our emeritus AG, Mr Barr, who promptly launched himself into a tirade against encryption. At a conference at Fordham University, he practically threatened the cybersecurity world with new laws forcing us to create backdoors so that the government can break encrypted traffic.  The FBI Director, Christopher Wray, apparently, agrees.  I know, I shouldn’t be surprised at this point. The FBI has been complaining for years that encrypted traffic stops them from identifying terrorists and preventing attacks. However, while I’m tempted to believe the good faith of Mr Wray (not that I do, I’m just saying I’m tempted to), I certainly don’t trust Mr Barr. Not by a single iota.

He belongs to the inner circle of a president who has clearly demonstrated an utter disregard for everything that stands in his way.  He has criticized judges, demonized the press, and recently, attacked everybody who doesn’t look like him.  I think most of us would agree that this is the behavior of a tyrant.  And therefore, I personally do not trust the intentions of his AG.

Birds of a feather

Yes, it’s true, with encrypted traffic, the authorities can’t discover what terrorists are saying and have a hard time protecting us.  Still, what will become of our privacy if we allow these backdoors to be created? Who’s to say they’ll only be used against terrorists?  And who’s deciding who’s a terrorist before the traffic is decrypted? If such a law comes to fruition, any communication is fair game.  They could be listening to me calling my mother and claim possible terrorist.  OK, that’s a little far-fetched but still a hyperbolic example to illustrate the absurdity and danger of passing such laws.

Also, when you create backdoors, you can’t possibly claim that they’re only for the government.

Reflect upon several years ago when the NSA stored some dangerous code online, because, hey, who can hack into the NSA?  Oh, wait, that did happen.  And the code leaked online; and hackers went to town with it, modifying it to suit their own ulterior motives. The end result being that something which had been originally created as part of our military defense arsenal, became a loose cannon weapon, now in the hands of crooks we can refer to as cyber militia.  It’s like saying someone lost a nuke, just, in the virtual sense.  And now Barr wants a backdoor to open encrypted traffic, and (naively) thinks we can create one only he can open.

Hackers would have a field day with this.  They’d hack through with ease, and that’d be the end of encryption as a mechanism to protect our communications from hackers.  Barr’s only result would be to make hackers’ lives that much easier.

Mr Barr, when we encrypt traffic, we’re not trying to hide it from you

We’re trying to protect our information from being hacked.  And if we create these backdoors, that signals the end of the game.  Hackers _will_ gain access to those backdoors, and they _will_ steal our information.  They’re already stealing everything else, with utter impunity.  Why don’t we just hand them the keys and raise a white flag altogether?

If Mr Barr has his way, that’s precisely what will happen.  But he doesn’t seem to either care or understand.  He seems to think that it’s possible to break encryption in a way that allows only the authorities to read your communications.  Someone has to explain to him that, that’s nothing but wishful thinking.

Back to the substance of what Barr is asking.

What guarantees do we have that this tool, if ever built, would only be used for legitimate purposes?

How do we know our government won’t turn rogue and start snooping on all of us?

We’re already well aware the NSA listens on every communication, and is likely reading this document too. And I’m fairly certain if we create such backdoors, they won’t only be used as a tool to intercept terror attack plots.  Everyone is fair game in a world wherein encryption is practically non existent.  At this moment, in this present day, we still have a government we think we can trust.  But, how long will that last?  What if some rogue element in the government starts using this tool against us?

There’s also something else to be considered – is it even possible to create what Barr’s asking?  The cybersecurity world is up in arms, and rightfully so.  This sort of thing has already been attempted, in Australia, with severe backlash. These laws clearly demonstrate how in trying to regulate something they don’t comprehend, politicians end up writing laws that don’t make any sense.  Laws that may not even be implementable.  The Australian one has already had one unintended, bad consequence.  Many companies are removing their data from there; causing the market for data centers to have a sharp downturn.  Clearly, this type of law is also bad for the economy.

Bad for privacy; bad for the economy

Not really useful to do what it’s supposed to do; likely not feasible either.

What am I forgetting?

I’m glad I’m not the only one who feels beyond uncomfortable with this law.  This is a bad idea, all around.  Hopefully someone will be able to convince Mr Barr or, hopefully, the Democratic party will have some sense to block this law from ever passing if someone truly brings it to the floor.