Carnegie Mellon's Jon Peha Warns US Officials of Dangers of Weakening Cybersecurity To Facilitate Government Surveillance CMU Researcher Urges White House Group To Push for Comprehensive Risk Assessment
PITTSBURGH, Nov. 4, 2013 /PRNewswire/ -- In response to the controversy over the alleged surveillance practices of the National Security Agency (NSA), the White House established the Review Group on Intelligence and Communication Technologies, which is expected to provide recommendations to the president next week.
In comments to the Review Group, Carnegie Mellon University's Jon Peha recommended a re-evaluation of those practices that weaken commercial products and services. These practices include weakening standards and placing "back doors" into products that are accessible to U.S. government agencies.
Peha, a professor of engineering and public policy and former chief technology officer of the FCC and assistant director of the White House's Office of Science and Technology, said deliberately weakening commercial products and services may make it easier for U.S. intelligence agencies to conduct surveillance, but "this strategy also inevitably makes it easier for criminals, terrorists and foreign powers to infiltrate these systems for their own purposes." Peha pointed out that cybersecurity vulnerabilities created to eavesdrop on terrorists could have vast unintended consequences.
"If we can weaken the standard for a general-purpose encryption algorithm, then it is impossible to predict what will become vulnerable. Perhaps this algorithm will be used to protect stock market transactions, or the real-time control of an electric power grid, or the classified designs of a military aircraft, which would then become vulnerable," Peha said.
While some argue that these policies sacrifice privacy to improve national security, Peha says such policies "may have actually compromised both privacy and security in a failed attempt to improve security."
"Policies that deliberately weaken the security of U.S. products and services will affect U.S. competitiveness," Peha said. "Customers will naturally prefer products and services from companies that they believe are immune from such a policy."
Peha argues that the solution is for the NSA to apply a "comprehensive approach to assessing risks associated with these practices," which includes "protecting individual Americans from cyberattacks that lead to credit card fraud, protecting companies from cyberattacks that lead to theft of intellectual property, and protecting the competitiveness of U.S. information technology firms in the global marketplace."
"A risk assessment that only considers NSA's ability to conduct surveillance would inevitably lead to practices that weaken the security of commercial products and services even when doing so is harmful to American interests," he said.
About Carnegie Mellon University: Carnegie Mellon (www.cmu.edu) is a private, internationally ranked research university with programs in areas ranging from science, technology and business, to public policy, the humanities and the arts. More than 12,000 students in the university's seven schools and colleges benefit from a small student-to-faculty ratio and an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration and innovation. A global university, Carnegie Mellon's main campus in the United States is in Pittsburgh, Pa. It has campuses in California's Silicon Valley and Qatar, and programs in Africa, Asia, Australia, Europe and Mexico.
SOURCE Carnegie Mellon University