When Apple CEO Tim Cook opposed a court order to unlock a password-protected iPhone following the San Bernardino terrorist attacks in 2016, it triggered an ongoing debate throughout the tech industry. The debate centers on the best way to balance an individual's right to privacy with the need to ensure national security.
Carbonite and many other tech firms have actively supported Apple in its decision to oppose the court order. Carbonite firmly believes that providing investigators with custom methods to unlock or decrypt personal information will ultimately make everyone less secure.
Carbonite’s General Counsel Danielle Sheer talked about cybersecurity issues during a panel session at the recent (ISC)2 CyberSecureGov conference in Washington, D.C. She also had advice for growing tech companies that want to build secure solutions while getting a leg up on the competition.
Did your conference panel discuss the U.S. government's interest in getting tech firms to provide "backdoor" methods of decrypting information stored on smartphones and other devices?
Danielle Sheer: There was general consensus on the panel and in the audience that it seems incredulous to be having a conversation about forcing companies to reverse-engineer their products to be less secure. Just think about it: Our presidential election was hacked. Our news continues to be hacked. There are countless cybersecurity attacks happening around the world almost daily. The conversation cannot be about making products less secure.
Do you think policy makers in Washington fully understand the importance of this privacy issue?
Sheer: One of the speakers on my conference panel, who worked for the Department of Homeland Security in the Obama Administration, noted that when you try to educate many current members of Congress on matters of technology, they just don’t get it. The idea that a backdoor decryption method makes it easier for malicious hackers around the globe to hack the devices of U.S. citizens is just too disconnected for non-technologists. On the other hand, however, if you say that the FBI needs access to password-protected devices for national security reasons, that’s a straightforward concept that everyone can understand. We need to be doing a better job of educating Congress.
What can be done to encourage policy makers and other citizens to fully grasp the importance of this issue?
Sheer: We have to find ways to understand each other. If talking about encryption methods and “backdoors” and reverse-engineering is too complicated, let’s try a different way. Use examples that make it personal for people.
Let’s say that you have a home alarm. You set it before you go to bed at night, and when you leave the house to go to work. Only you have the alarm code. You turn on the news one night and you see that Congress is debating a bill to provide the FBI and State Police Departments with default access codes to every single American home alarm system in the country. Now, you will have your access code, but so will the United States Federal Government and your State Police Dept. Do you care about that?
The issue of providing backdoor decryption methods to authorities is a lot like setting up a home alarm system, but giving the police station your alarm code. Who is guarding your alarm code at the police station? How is it protected? If you can come up with examples like that which make it personal, people might have the appropriate reaction, which is, “Now wait a second, I'm not sure that is going to make our country more secure.” In fact, it might make our country less secure, which is the argument that Carbonite and other tech companies are trying to make.
What is your advice for startups and other technology firms that want to build secure products that comply with various government and industry regulations?
Sheer: My advice would be to look into the National Institute of Standards and Technology standards. U.S. companies are not currently required to comply with NIST, but the U.S. government is starting to use it as the gold standard for their own security architecture and many companies are beginning to adopt it voluntarily.
Danielle Sheer founded the legal department at Carbonite and led the company through an initial public offering and NASDAQ listing. She is responsible for Carbonite’s worldwide corporate governance and legal affairs. She also advises the company’s management and board on legal, strategic, and corporate governance matters.