For the first time, the RSA Conference has a strict anti-drone policy — a prohibition Homeland Security Secretary Jeh Johnson might have unwittingly violated in his keynote on Tuesday.
At least, that was joke among wags in the press room after Johnson devoted 30 minutes to reading off a detailed catalogue of federal initiatives on cybersecurity spanning the past half-decade. (The drone policy is real though; pictured right.)
Buried in Johnson’s remarks, though, was one spark for potential controversy: a renewed call for the technology industry to give law enforcement investigations access to encryption keys for private communications.
“Encryption is making it harder for your government to find criminal activity and potential terrorist activity,” Johnson said in his remarks. “Our inability to access encrypted information poses public safety challenges.”
This tug-of-war over encryption began in earnest last year, when in the wake of Edward Snowden’s disclosures on NSA surveillance practices, Apple and Google both announced that they would no longer keep copies of encryption keys used to protect data on iOS and Android devices. Without copies of the keys, the thinking goes, companies cannot be compelled to hand over access to investigators.
Federal officials have proposed in compromise a “key escrow” system, under which companies and government agencies would hold pieces of master encryption keys. No single piece would work without the others.
The escrow plan rankles security and privacy experts though. “It’s just not going to work,” said Ron Rivest (the “R” in RSA), who spoke on a panel Tuesday. If one government has access to master keys, he added, every other government will want the same.
“This is going to be a house with many, many doors and many people holding the keys.”