Quick Hits: July 22
*** Attorney General Bill Barr gave his strongest comments to date in favor of compelling tech companies to provide the government with "lawful access" to encrypted devices and applications. In a July 23 speech at the International Conference on Cyber Security, Barr said the risks of weakening cybersecurity for billions of communications must be weighed against the consequences of allowing criminals to communicate discreetly.
"Hackers are a danger, but so are violent criminals, terrorists, drug traffickers, human traffickers, fraudsters and sexual predators," said Barr. "While we should not hesitate to deploy encryption to protect ourselves from cybercriminals, this should not be done in a way that eviscerates society's ability to defend itself against other types of criminal threats."
The speech could presage a renewed public push by the Trump administration for legislation mandating law enforcement have some way to access encrypted communications. However, Barr offered no specific proposal for bridging what cryptographers view as a matter of mathematics: that it is not possible to give law enforcement the access they desire without significantly weakening cybersecurity of the overall digital ecosystem.
Moreover, Barr's speech was wholly consistent with the views expressed by past attorneys general and DOJ's official policy on encryption for the past three decades. Thus far, the government has not found a workable solution that experts believe would significantly expose Americans to increased rates of hacking and other cybercrime.
"[Strong encryption] helps protect our children from predators who would spy on them through their cell phone cameras or surreptitiously track their movements," said Sen. Ron Wyden (D-Ore.) in a lengthy response to Barr's comments. "It keeps our health records, personal communications and other sensitive data secure from hackers. It helps protect national security secrets from hackers working for the Russian, Chinese, North Korean and other hostile governments."
***Former federal and defense CIOs have signed onto a letter and report criticizing the Defense Department's controversial warfighter cloud buy, JEDI. The IT Acquisition Advisory Council released a report July 23 criticizing the Joint Enterprise Defense Infrastructure cloud program for "diverging" from DOD's "own cloud strategy." The report recommends the department "withdraw and review" the JEDI solicitation.
"DoD still has the opportunity to pause, evaluate, and align its investments with its current strategy," the report states. "The JEDI RFP undermines the entire strategy by limiting access to innovation; requiring a static cloud environment without on-ramps for new providers and technologies; and failing to recognize the role of SaaS [software as a service]."
*** The Federal Aviation Administration opened up its Low Altitude Authorization and Capability (LAANC) system to recreational drone flyers, which will give those operators the ability to quickly get authorization to access to controlled airspace.
In a July 23 statement, the FAA said the LANC expansion will add to the efforts to integrate drones into the national airspace. LAANC, under the agency's UAS Data Exchange umbrella, was created to address the mounting numbers of private drones. Agency regulations require unmanned system operators flying aircraft at lower altitudes -- below 400 feet -- in airspace managed by an FAA air traffic control facility to get formal permission before such operations.
The LAANC system, which completed its initial roll out almost a year ago at airports nationwide, provides near-real-time processing of airspace authorizations for drone operators, as well as a more detailed traffic picture of the controlled space. The services are based on a public-private partnership between the agency and industry service suppliers.
Posted on Jul 22, 2019 at 1:00 AM