When I initially had the idea of “CloudChat”, an interview series where CipherCloud interviews thought leaders and discusses timely, engaging, and thought-provoking issues in the security industry. Michelle Dennedy was the first name came to my mind.
Michelle, besides being one of the most recognized voices in consumer privacy (she is the Chief Privacy Officer of Intel Security), is also an amazing technologist–adjunct faculty of CMU, child online safety expert, and the 2014 recipient of Stevie Awards for Women in Business. What I like the most about Michelle is her unwavering integrity; she is a fighter and she fights for the right things.
So naturally I called Michelle first, and was thrilled that she agreed to be my first guest on CloudChat.
In this episode, Michelle and I discussed the hotly debated issue of government backdoor access. We debated on how we should engage the real consumers, not just the privacy radicals, on these issues. What do we want our society to look like? How do we want police to be policing? What does it mean to police in a connected world? Should we disallow a piece of technology just because it’s technically possible to do bad things with it, or do we, as Michelle puts it, go back to the ancient times and say, a mud hut with thatched roof wasn’t terribly secure, but that’s where we abide by our codes of conduct that thou shall not look in the window of thy neighbor.
Here is an excerpt of our discussion:
Secret surveillance – fruits of the poison tree
Michelle: Secret surveillance cuts off the ability to have judicial access to that information. In law, this is called the fruit of the poisonous tree. When we are surveying very, very broadly with no due process, no frameworks, no legal awareness, then really what we’re doing is finding networks of potential murderers and domestic abuse cases on and on and on and you are just handing the bad guys a great excuse that all this data is gathered illegally, and hence become “the fruit of the poisonous tree”, in that you no longer can use not just that evidence but anything that arose based upon that evidence.
Chenxi: So what you’re saying is if the illegal surveillance uncovers illegal activities, law enforcement can’t really do anything about it through the information gathered this way.
Michelle: Exactly. So now they’re caught kind of goofy-footed having to prove that they inevitably would have found the evidence in other more traditional policing means.
… There is actually a ton of review and process already in place for agencies like the FBI, the CIA, or the NSA, even though you see the statistic that something like 98% of the surveillance requests are granted by the court. What they don’t tell you is how many evolutions of that request has to go through before it is approved. Typically you’d bring something and the court will say, “That’s not enough evidence,” and back and forth. So by the time you get to that step, you should have a 100% because you’ve had advisory along the way.
Universal backdoor vs. the front door
Chenxi: Companies like Google, Apple, and Yahoo strongly oppose this concept of a government backdoor. Why do you think they oppose this so strongly?
Michelle: Back doors are simply bad for business. It’s instability, it’s risk, it’s the lack of transparency. It cuts off roots to transparency in many cases where there are roots.
Chenxi: Why would we need a back door if we can get enough information through the front door? Companies like Google, Apple, and Yahoo are deploying technologies that cut off any intermediary inspection capabilities. In these situations, there’s no front door access. What would you have the government do?
Michelle: Yeah. It’s a great question. … The short term good news is that most bad guys are not yet that smart. Most criminals are not conducing crime/business in a way that they are absolutely clear and there’s nothing that they’ve bought, places they’ve traveled to, or a person they’ve had a conversation with could implicate them. If you could lock yourself down that much and have only trusted associates around you, no one ever snitched on you, then we (the government) would have a massive problem. I think we are not there yet. It will be a really interesting problem when more and more people use encrypted technologies. But I think for now, statistically we’re still in pretty good shape.
Chenxi: If the U.S. government somehow is able to gain the legal ground to mandate this back door to be built into every piece of software or hardware, firmware. What’s to stop the next government from mandating a separate backdoor? Soon, it will be back door galore.
Michelle: Yes, So this for me weighs very heavily on both sides of this debate. Like I said, I’m really undecided. If you want to put a backdoor in because you feel like our government is a great government and governed by the people, be ready for Boca Raton to have it. Be ready.
Chenxi: Do you know if this discussion is happening inside large companies?
Michelle: Absolutely. It’s raging inside big companies…