There clearly is a battle between privacy and Federal overreach.
I see little difference between Industrial espionage and Federal claims of national security. Any backdoor or weakening of security will eventually lead to a breach.
Back in the 90’s, the US Government pushed for “Capstone” adoption. The general understanding was that there was a backdoor. The liability of that backdoor would not be on the government but the users who expected security which could be compromised.
The same thing happened when agencies were working on the parameters for Elliptical Curve algorithms. The algorithms require proper input parameters which changes the robust defense of the encryption.
Revealed at a Defcon conference, the parameters chosen for the standard were weakened intentionally, which makes no sense. This standard is utilized in Google Cloud encryption which for the sake of interoperability has been adopted across the industry, and now people depend on a compromised encryption.
While pondering these ideas, I began contemplating WHY is privacy considered a threat to the country, and WHO gives agencies the right to violate Constitutional protections?
Open Source robust encryption has been available for 30+ years and when placed on an old PC running linux, creates a secure communications gateway. What that means is that a high school kid has the skills to create a secure global communication platform. Let that sink in.
That means that before 9/11, terrorists have been able to communicate securely across the globe, and that begs the question, “Who, are the agencies under the Patriot Act actually watching, and WHY?”.
I’m pretty sure that any cybersecurity defense, Zero-Trust implementation, and robust encryption that is too effective will be considered a security challenge simply because of that superior engineering. The result is that certain people and businesses will be ostracized by “The Tyranny of the Majority” as a threat to national security – but it’s “all for the good of society.“
For me, If I can’t determine friend or foe, Zero Trust (which is being recommended for our Government infrastructure) must assume that all contacts are foes. If the second amendment can be positioned as the right to defense, can we also position the fourth and fifth amendments as the right to privacy and security including the right to not expose information that can and will be used as Lawfare against us?
I first have a fiduciary obligation to my investors, and certainly to my customers to provide a robust product that does not include compromises. The assumption that any secure communications are inherently sinister is bad logic. “If I have nothing to hide” is spoken by people who have a lock on their front door and a door on their bathroom – they understand privacy, and the statement is simply an attempt to impugn guilt.
So my answer to “balance privacy protection with interconnectivity” is that it isn’t my task to weigh that balance. My job is to create the best product that I can, with the best and strongest engineering that enables free communications. That is what the Queb is.
