VFI Webinar: The Future of Cryptography and IT Security
Today’s cryptography technology has the potential to be circumvented by the processing speeds of future quantum computers. In the face of this threat, Microsoft is leading the industry in developing practical quantum-resistant public key cryptography. We’ll be hearing about this effort and looking at the future of IT security with Brian LaMacchia, a Distinguished Engineer at Microsoft and a global-leading authority on cryptography and security. Brian heads up the Security and Cryptography team at Microsoft Research NExT (New Experiences and Technologies). He’ll offer a glimpse of future cryptography, discuss today’s security challenges, and shine a light on how U.S. public policies impact cybersecurity.
RSVP: The Future of Cryptography and IT Security
Brian LaMacchia, Distinguished Engineer at Microsoft
Wednesday, February 21, 1:00-1:45PM Pacific | 4:00-4:45PM Eastern
TOP STORIES — VFI Leaders Visit Hill; Voice Support for CLOUD Act and Rural Broadband
This week, 41 VFI leaders visited more than 50 elected officials to discuss technology policy including the CLOUD Act and the importance of using TV White Spaces as one way to fix the rural broadband gap. I wanted to thank everyone who participated and encourage all recipients of the Executive Briefing to continue to reach out to your elected officials on these topics. You can do so on our VFI website.
For the top intelligence agencies in the US, technology has pushed aside terrorism as a top national security threat. The leaders of six of those agencies, including the CIA, the NSA and the FBI, testified before the Senate Intelligence Committee on Tuesday, during its annual “Worldwide Threats” hearing. They discussed concerns ranging from terrorist attacks to nuclear strikes, but a major portion of the hearing was dedicated to discussing threats coming from technology. Director of National Intelligence Dan Coats said in his opening statement that cybersecurity is his “greatest concern” and “top priority,” putting it ahead of threats like weapons of mass destruction and terrorism.
Law360 reported on comments by Rep. Warren Davidson yesterday while at yesterday’s Heritage Foundation event about Microsoft’s warrant case and the issue of cross-border data requests. Davidson remarked that he believes “it’s important, however the court decides, that we as Congress settle this in law, not just a series of somewhat incoherent court decisions.” The piece notes that bipartisan legislation, the CLOUD Act, was introduced earlier this month in both chambers to address the issue of cross-border data access by spurring international bilateral agreements to ease conflicting legal requirements and international discord.
WASHINGTON (Reuters) – Leaders of the U.S. Senate Intelligence Committee said on Tuesday they were concerned about what they described as China’s efforts to gain access to sensitive U.S. technologies and intellectual property through Chinese companies with government ties. Senator Richard Burr, the committee’s Republican chairman, cited concerns about the spread of foreign technologies in the United States, which he called “counterintelligence and information security risks that come prepackaged with the goods and services of certain overseas vendors.” “The focus of my concern today is China, and specifically Chinese telecoms (companies) like Huawei and ZTE that are widely understood to have extraordinary ties to the Chinese government,” Burr said.
The New York Times Don’t Let Criminals Hide Their Data Overseas
The New York Times published a joint op-ed by Tom Bossert, assistant to the president for homeland security and counterterrorism, and Paddy McGuiness, UK deputy national security adviser, urging Congress to pass the CLOUD Act to address the issue of cross-border requests for data. The two note that investigations of terrorism and crime are increasingly being impeded due to lack of access to foreign-stored data.
Lawfare readers are familiar with the perennial regulatory challenge of determining which country’s law enforcement agents ought to be able to access Internet data stored in the cloud. This is a considerable problem in two distinct contexts: (1) American law enforcement officers seeking access to data held abroad, and (2) law enforcement officers around the world seeking access to data held by American firms. The Stored Communications Act (SCA) is problematic in both cases because it does not specify whether it allows the American government to compel U.S. providers to produce content they have chosen to store abroad (Problem 1) and it has been interpreted to prohibit American firms from complying with foreign government requests for user content (Problem 2). This first issue has percolated through the U.S. courts for the last few years and the Supreme Court is scheduled to hear oral argument in United States v. Microsoft, or the Microsoft-Ireland case, on Feb. 27. In that case, the Court must decide whether a warrant issued under the SCA can compel Microsoft to produce emails that it stores in its Irish datacenter.
New changes made by Facebook and Twitter to their terms of service still don’t conform to the EU’s demands to protect consumers, the European Commission said. Specifically, the social networks haven’t properly told users why content is removed and that they have the right to terminate their accounts. On top of that, the companies still aren’t saying how quickly they’ll deal with requests from authorities to pull down harmful content.
The Register published an article detailing that four cryptography experts sent a letter to Sen. Ron Wyden applauding his efforts to have the FBI reveal the names security experts the bureau has consulted with on the subject of encryption. The group reinforced that technically speaking, requiring engineers to provide “exceptional access” to encryption will weaken security.
Axios published an interview with Bill Gates where Gates briefly discussed the issue of lawful access to encryption, among other items. In his interview, Gates stated that tech companies have to be “careful that they’re not trying to think their view is more important than the government’s view, or than the government being able to function in some key areas.” When asked for an example, Gates referenced the “view that even a clear mass-murdering criminal’s communications should never be available to the government.” Asked if he was discussing the ability to unlock an iPhone, Gates replied: “There’s no question of ability; it’s the question of willingness.”
The Guardian Dawn of the Techlash
The one-time darlings of free, open and trusted communication were taking a battering. Marc Benioff, the larger-than-life Salesforce CEO, suggested Facebook should be regulated like a tobacco company, because of the harmful and addictive properties of social media. But the most scathing attack came from George Soros, the billionaire investor, who said that Facebook and Google have become “obstacles to innovation”, a “menace” to society whose “days are numbered”. Davos picked up on snowballing public criticisms of social media. It’s hard to pinpoint when things started to go sour, but certainly the digital “misconduct” that characterised the Brexit referendum and the election of Donald Trump, with its allegations of Russian meddling, tarnished the reputations of the world’s tech titans and their platforms.
THINK TANK/TECH TRADE ASSOCIATION HIGHLIGHTS
American Enterprise Institute (AEI)
- Blog post on internet and digital trade: Resident scholar Claude Barfield argued that “while forced technology transfers are a real problem, this is only one element in a maze of laws, regulations, and secret practices that Chinese high-tech protectionism is composed of.” He noted that if the current administration moves forward “with the proposed set of [trade] priorities, the US will be taking the offensive regarding its technological future and shaping the global rules for competing in the digital economy.” (AEI BLOG – US-China trade face-off: Prioritize the internet and digital trade, By Claude Barfield, February 12, 2018)
Information Technology Industry Council (ITI)
- Statement on immigration: President and CEO Dean Garfield urged “Congress to redouble its efforts to find a permanent, legislative solution to the Deferred Action Childhood Arrival (DACA) program.” He stated, “The tech industry calls on Congress to end this debate once and for all and come together to find a permanent, viable solution that establishes the legal status for Dreamers. We stand ready and willing to support these efforts.” (ITI STATEMENT – Leading Tech Group Calls for Renewed Effort to Find Legislative Solution for Dreamers, February 15, 2018)
New America Foundation
- Blog post on content regulation: “The rise of platforms driven by user-generated content, such as Facebook, Twitter, YouTube, and Tumblr, has profoundly changed the scope and nature of digital content…However, these innovations have also enabled the dissemination of illegal content such as child pornography and copyright-infringing material,” millennial public policy fellow Spandana Singh argued. She added that “increased transparency in this field will lead to greater accountability of both companies and governments and will provide valuable insight into how companies apply policies and practices that impact users’ freedom of expression and privacy.” (NEW AMERICA BLOG – The Promises—and Pitfalls—of Content Regulation in the Digital Age, By Spandana Singh, February 13, 2018)
- Statement on immigration: “Despite the efforts of many senators who have worked in good faith to achieve a bipartisan consensus, the Senate came up completely empty-handed on immigration this week. It is very disappointing,” stated president and CEO Linda Moore. “Continued congressional inaction would needlessly disrupt the workforces that Dreamers are contributing to, effectively punish them for their parents’ decisions, and jeopardize their future and our economy. Congress cannot accept failure on immigration and should keep working to break this gridlock and pass a bill into law.” (TECHNET STATEMENT – TechNet: Congress Cannot Accept Failure On Immigration, February 15, 2018)
- Statement on proposed infrastructure plan: Moore also stated, “In today’s technology-driven society, vibrant broadband networks help fuel small business growth and are a key part of closing the ‘homework gap’ that exists because too many of our students lack reliable internet access and can’t complete assignments that require it.” She argued that “Infrastructure proposals should encourage cooperation between the public and private sectors to build out our nation’s broadband networks, cloud services, and connectivity infrastructure so that they can support modern transportation, technological, and energy needs.” (TECHNET STATEMENT – TechNet Calls for Broadband Deployment in Infrastructure Proposals, February 12, 2018)
- “I fully appreciate the position that many technology companies are in. We think the desire to prevent devices from being misused to promote criminal activity is a legitimate factor companies should consider in engineering those devices…. The movement toward law enforcement-proof encryption devices is going to be harmful in the long run to the interests of law enforcement and to citizens.”
- “The CLOUD Act would make it easier for the U.S. government to demand communications data held in other countries, and for foreign governments to access electronic data held in the United States. As Jennifer Daskal reports, the first part of the bill would resolve the legal question now pending before the Supreme Court in United States v. Microsoft in favor of the government… Although the government and tech companies have joined in supporting the proposed legislation, much more work needs to be done to address the concerns raised by OTI and other privacy and human rights groups. Congress must significantly improve the CLOUD Act to ensure meaningful protection for privacy and human rights.”
- “The debate over efforts to enable government agencies access to plaintext has long been very polarized. Our hope is that this report and the framework it presents will cut through the rhetoric, inform decision-makers, and help enable an open, frank conversation about the best path forward.”
- “While the [CLOUD Act] does not eliminate all conflicts of law within the cloud, it still helps reduce them. This act, and the bilateral agreements it enables, is a first step in the development of a broader transnational agreement on data availability. It’s not perfect, but Congress’s latest effort may be the next step toward an international rule of law for the cloud.”
- “Whether you think the CLOUD Act’s framework is a good or bad one, or whether you think courts will appropriately balance the factors, this is a much better way of coming at the problem. It asks about the interests of everyone who matters — providers, customers, and governments — rather than about the metaphysical location of a metaphysical abstraction. Data doesn’t care whether it’s domestic or extraterritorial.”
- “I don’t pretend to be an expert on [cryptography], but I think there is a clear consensus among experts in the field against [Christopher Wray’s] position to weaken strong encryption.”
- “Obtaining access to overseas data held by companies subject to our jurisdiction is entirely consistent with our treaty obligations and international norms. With [the CLOUD Act], we can meet these longstanding obligations, and meet them faster. The longer we wait to address this problem, the more our mutual public safety and national security will be undermined by the current legal obstacles to disclosure of data across borders. We must take action now.”
SOCIAL MEDIA HIGHLIGHTS
- @andashleysays: Great event at @Heritage yesterday on the upcoming @Microsoft #SCOTUS case, data sovereignty and #privacy, and related legislation such as the #CLOUD Act and #ICPA. You can watch the full panel here: CC @ALEC_Action @actonline @morganwreed @CmteForJustice @ITIFdc @consumerpal
- @K_eichensehr: Check out @grimmelm’s take: The Parties in U.S. v. Microsoft Are Misinterpreting the Stored Communications Act’s Warrant Authority via @just_security
- @EWInstitute: New EWI report on #Encryption released today to find middle ground between human rights and law enforcement. Download:
- @nytopinion: The internet is moving fast, and our legal constructs are not keeping up
- @RobJoyce45: @TomBossert45 and his UK partner have a great op-ed out on the Cloud Act!
- @RepDougCollins: “The internet is moving fast, and our legal constructs are not keeping up.” We must act now, and that’s why I introduced the #CLOUDAct in the House.
- @senorrinhatch: “Don’t Let Criminals Hide Their Data Overseas” White House Homeland Security Advisor Tom Bossert and UK Deputy National Security Advisor Paddy McGuinness wrote an op-ed together is support of the CLOUD Act. More on CLOUD:
- @UKinUSA: The CLOUD Act will stop criminals hiding their data overseas. Find out why the UK and US support this legislation in @nytopinion piece from UK Deputy National Security Adviser Paddy McGuinness and US Assistant to the President @TomBossert45:
- @verge: Bill Gates says big tech companies are inviting government regulation
- @axios: .@BillGates has a warning for Big Tech: “The tech companies have to be … careful that they’re not trying to think their view is more important than the government’s view, or than the government being able to function in some key areas.”
- @big_cases: New in United States v. Microsoft: Reply of United States submitted.
- @BlogsofWar: What Law Enforcement Really Needs for Investigations in the Digital Age
- @Gizmodo: What is Bill Gates saying about Apple and government backdoors?
- @just_security: Sharon Bradford Franklin (@OTI) emphasizes the CLOUD Act’s deficiencies in allowing the US government to demand US person data located abroad, and removing independent judicial review of foreign government requests for US data.
- @mikeallen: In an interview with Axios, Bill Gates warned Apple and other tech giants that they risk the kind of nightmarish government intervention that once plagued his Microsoft if they act arrogantly.
- @Nextgov: What to know about the CLOUD Act and what else Congress is tackling this week:
- @RSI: “If enacted, the CLOUD Act would establish a framework for U.S. law enforcement to obtain emails stored on foreign cloud servers, as in the Microsoft case.” @charles_duan @senorrinhatch @ChrisCoons @LindseyGrahamSC @SenWhitehouse
- @SCOTUSblog: If the government wins in US v Microsoft, Russian law enforcement will have strong argument to force tech companies to hand over data stored in US, argues Andrew Pincus of @Mayer_Brown, author of brief for @USChamber & other orgs in case about warrants & emails stored overseas
- @YahooFinance: Supreme Court fight could stir up fears of US spying overseas @esfuchs