Claude Barfield

[Commentary] There are a number of cybersecurity policies that could loom large in 2017, but two issues are certain to cause heated debate and conflict. The first is the contentious issue of encryption, which pits US intelligence and law enforcement agencies against privacy advocates and Silicon Valley. The second relates to the expiration of the Section 702 surveillance provision of the USA Freedom Act. This blog posting will take up the encryption debate, and a subsequent posting will analyze the coming struggle over Section 702 renewal.

[Claude Barfield is a former consultant to the Office of the US Trade Representative.]

[Commentary] In the last week of July, the chairman of the Senate Judiciary Committee, Sen Patrick Leahy (D-VT), introduced a version of the USA Freedom Act that is far more restrictive on intelligence agencies’ operations than any other competing bill.

In explaining the distinct shift toward more privacy and transparency provisions in the competing bills, much weight has to be given to events occurring in the background: the slow drip of Snowden revelations, combined with more near-term political blunders by the intelligence agencies.

There is merit to the concerns that the new metadata process is so cumbersome and protracted that it may impair the ability to ward off future well-planned terrorist attacks. An open-minded, continuous assessment is thus in order. On the controversial change related to a public advocacy role before the FISA Court, however, there can be no doubt that ultimately the security agencies will reap a benefit.

One does not have to subscribe to the view that the FISA Court has been a “patsy” for the security establishment, to hold that an independent, internal “other pair of eyes” will enhance the credibility of future legal reviews of data requests.

[Commentary] The revelation of the Heartbleed flaw has “prompted a full roar in the world of Internet security,” in the words of Washington Post media blogger, Eric Wemple.

Whatever the potential technical perils for Internet security, the Heartbleed episode has already produced significant policy repercussions.

Importantly, it has forced the Obama Administration to reveal details of its internal cybersecurity decision making hitherto kept out of sight. It has highlighted – though certainly not resolved – the difficult dilemma of balancing the intelligence imperative of keeping America safe against the commitment to protect the openness and security of the Internet. And finally, the Obama Administration’s decision to pull many final Heartbleed-like judgments into the White House raises serious questions about its actual ability to control the vast sweep and scope of such operations.