RSA president slams crypto backdoors as useful only against petty criminals

Calls on RSA Conference 2016 attendees to loudly oppose weakening encryption

The idea of making end-to-end encryption breakable is “so misguided as to boggle the mind,” according to Amit Yoran, the president of RSA.

He says it will “catastrophically weaken” security for those using it for legitimate purposes without accomplishing the goals for which it is sought – catching terrorists and the worst criminals. “It is solely for the ease and convenience of law enforcement when pursuing petty criminals,” he says, while the toughest adversaries would be unaffected.

“No terrorist or nation-state would ever knowingly use such technology,” he says, except to take advantage of innocent users by exploiting the backdoors. Only small-time actors with no technical sophistication will be caught, he says. The net result would be bad for businesses in all industries trying to defend their digital environments.

He urged the 40,000 in attendance at the conference to deliver the message against backdoors to the government officials speaking at the conference, including FBI Director James Comey, who is the prime campaigner in favor of vendors and service providers being able to read encrypted communications if ordered to do so by a court.

Other government officials at the conference include Attorney General Loretta Lynch, Secretary of Defense Ash Carter and NSA Director Adm. Mike Rogers.

“We need to be respectful but we need to be sure our voices are heard loud and clear,” he says.

Yoran also spoke of the need for more and better-trained security professionals to deal with attackers who constantly come up with more creative ways to attack networks, data and identities.

Security professionals should nurture the kind of outside-the-box thinking adversaries use to create attacks in order to stop them and track down attackers, he says. “If you don’t have hunters, grow them,” he says, “or at least don’t stand in their way.”

He says businesses should provide automated tools that take on much of the necessary security drudge work so analysts can focus on what machines can’t do. “Technology to reduce the mundane is good,” he says.

With the proper support, security pros can become master analysts within six months while on the job, he says, but it’s a big job that may require changing how they think about their work. They need to be free thinkers and curious. They should not focus on compliance checklists, but rather on solving problems.

“The private sector can’t do this alone,” he says. It needs government to create incentives that encourage cybersecurity education and to set policies that make better cybersecurity possible.

He cited the Department of Justice’s push for encryption backdoors as one of the government efforts that is not helping.

Stories by Tim Greene
