It would be cheap for us to claim that this election was won and lost because of unsecured email servers, but the reality is that the motivations behind the American public who voted for Donald Trump were obviously more numerous and complex. A sticking point for us, however, is that Trump and his VP, Mike Pence, have yet to clearly define their policy priorities around tech. Much of the Republican discussion around the topics that impact tech companies has centred on trade tariffs, manufacturing and corporate tax.
Proposed changes in these areas will no doubt impact the operations of giants like Apple and Google, especially now that the latter has also delved into hardware and will face pressure to manufacture in the US. The next US government was always going to play a pivotal role in the future of tech. Regulations on driverless vehicles and drones will fall under the remit of the next Secretary of Transport, for example. Similarly, continued investment in scientific research and curriculum selection for the next generation of digital natives will fall to Secretary of Education. But the immediate concerns of many are rightly focused on government surveillance and cybercrime.
From the UK to China, nations are rapidly passing legislation that will grant them unprecedented power to spy on their citizens. But nowhere is this more of a concern than in the United States. No other elected official on the planet has the same capacity for information collection and analysis as the US President. With the full force of a Republican legislature behind him, Donald Trump will be able to focus the full force of the NSA on any target he wishes including citizens, journalists, companies and foreign governments - just to name a few.
This turnkey tyranny is worrying privacy campaigners around the world. Trump’s victory makes it perfectly clear that if privacy and security are a concern, then trusting a US-based company with your data or relying on them for secure communications is simply no longer a viable option. It’s important to remember that the USA is more vulnerable to cyber attacks than ever before. We’ve seen a sharp increase of these headline grabbing attacks including the Dyn.com DNS attack in October which vividly demonstrated the vulnerability of networks and the companies dependent on them, in an increasingly connected world.
The same publicly available botnet was then used to take down an ISP in Liberia, taking much of the country offline. Then there are the hacks which lead to stolen and leaked files, surveillance of human rights activists, and attacks between nations on critical infrastructure. It’s vital that security professionals continue to share expert threat intel and ensure their defence systems are up to date with good visibility of threats.
Fixing America’s cyber security problem
Trump is evidently concerned that the USA’s existing cyber defence capabilities aren’t up to scratch. He has stated that he will order an immediate review of the USA’s cyber defences and vulnerabilities, and will look to develop its offensive cyber capabilities to deter attacks from both state and non-state actors. More tangibly, he plans to instruct the Department of Justice to create Joint Task Forces to coordinate national responses to cyber threats. The Secretary of Defence and the Chairman of the Joint Chiefs of Staff will need to provide recommendations for enhancing US Cyber Command.
On a positive note, Trump views the creation of teams that share resources from a diverse range of skills to be a key step in fixing America’s cyber security problem. Security professionals understand that the smartest way to build and maintain secure products is an open source approach. The advantage of those extra eyes is that flawed code is more likely to be detected, and solutions are more likely to be suggested. Most open source projects bring in contributors from widely different backgrounds with a range of complementary skills. If properly assembled, these teams could allow government to develop alternative solutions to cyber-crime, and cyber-enabled crime, that don’t involve misguided notions such as ‘encryption backdoors.’
This is a technical impossibility that the security community has consistently rallied against. Encryption is grounded in mathematics and is essentially binary: it either works or it doesn’t. Now more than ever, the tech and privacy communities need to champion the message that better data privacy is not contrary to, but rather an important component of, national security.
Working with experts
At Open-Xchange we have always supported fruitful and productive collaboration between governments, law enforcement and private technology companies on the topics of security and privacy. Doing so is the only way to create a solution that helps security officers do their job while upholding citizen privacy and safety. Donald Trump’s experience in private enterprise seems to have taught him the value of working closely with experts in a sector, look no further than his shrewd appointment of Governor Pence as a running mate to guide his campaign. However, Trump’s consistently erratic nature could easily result in the passing of knee-jerk legislation, by executive order or otherwise, to the detrimental effect of privacy worldwide.
Surveillance legislation of this kind from the Trump administration is sure to impact the already strained relationship between private enterprise and customer data privacy. Many companies today use customer data to inform product design and marketing communications, but unless more explicit, meaningful consent is obtained from the user, this data should be completely anonymised and encrypted.
Backdoor for one, backdoor for all
On a weekly basis, high profile data breaches prove that companies and governments are incapable of effectively securing personally identifiable, private customer data. World leaders of every spectrum need to understand that flaws in encryption and lazy approaches to data security result in data breaches and national insecurity. A backdoor for one is a backdoor for all. We sincerely hope that President-elect Trump will stay true to his previous form and work closely with the tech community, the experts, to develop policies and processes that will improve US data security with respect to user privacy and the wider national security benefits it confers.
For everyone else, we strongly recommend you think twice before sharing your data with a company that may become prone to erratic new laws, or relying on them to provide secure communications technology.
We all have to wait to see Trump’s first move, but if you were becoming President on January 20th, who would you appoint as your National Security Advisor for Cyber Command? What would be your bold first move to show the world you’re tough on maintaining individuals’ rights and data privacy?
Rafael Laguna, CEO, Open-Xchange
Image Credit: Flickr / Matt Johnson