Former DoJ and FBI Official, Jim Baker: Maybe Security Isn’t So Bad Drew Wilson | October 29, 2019 He worked at the Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI). Now, Jim Baker is rethinking his position on security. We’ve observed countless security incidences over the last few years. In fact, just in the last few days, we saw one security incident affect US military and government officials. At the same time, we’ve observed governments attacking encryption which is a means of protecting personal information and communications. With such a seemingly backwards effort by government to attack such a core element of security, you’d think that some people would be asking something along the lines of, “What is happening here?” We’ve already heard from Edward Snowden who sided with encryption. He said that without encryption, we lose privacy. He points out his experience working at the government as the backdrop to this opinion. Now, it seems that the sentiment about encryption amongst former government employees is being shared by others. James Baker worked at the DoJ and FBI. He recently published an opinion piece admitting that since he left government life, he is having a rethink on this whole debate. From LawFare: From 2012 to 2014, I worked for Bridgewater Associates, a hedge fund located in Connecticut. Bridgewater seeks to operate consistent with a set of principles articulated by its founder, Ray Dalio. Over the years, Dalio has written hundreds of principles and has now put them into a book. The first principle described in the book—one that has had a significant impact on me even after leaving Bridgewater—is “[e]mbrace reality and deal with it.” What follows are reflections on my efforts to embrace reality with respect to some aspects of several interrelated subject areas that have comprised a substantial part of my career: national security, cybersecurity, counterintelligence, surveillance, encryption and China. Those efforts have caused me to rethink my prior beliefs about encryption and to better align those beliefs with the reality that (a) Congress has failed to act—and is not likely to act—to change relevant law notwithstanding law enforcement’s frequent complaints about encryption, and (b) the digital ecosystem’s high degree of vulnerability to a range of malicious cyber actors is an existential threat to society. In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities—including law enforcement—to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly from China. This is true even though encryption will impose costs on society, especially victims of other types of crime. The piece touches on a number of points which is certainly worth reading. In this point in particular, it touches on the contradictory idea that, somehow, those smart techno-geeks can figure out a way of creating backdoor access to encrypted information. At the same time, those techno-geeks can keep that encryption secure for general use in the public. Of course, countless people have pointed out that this really isn’t technologically possible. An intentional backdoor weakens the overall encryption. Sooner or later, malicious third party actors are going to find that security hole and use it to their advantage. At that point, the options are either we don’t have security and its an absolute free for all for any country that demands backdoor access, or encryption be embraced and law enforcement has to deal with it. There is the obvious point that bad actors will use whatever happens to be secure, so the former really isn’t going to be productive by any means. That leaves the latter scenario. As Baker points out, this is the reality that ought to be embraced. What’s refreshing to see here is someone doing something that has a habit of not being easy: admitting that they might have been wrong on something. Certainly, in an era where personal ego takes over and people never admit they did anything wrong (and in some cases, double down on their efforts). We’ve seen it with Mike Masnick when he admitted that he changed his mind on network neutrality. I can admit to doing being mistaken on something myself. Although I can’t find it anymore, when YouTube started to become popularity, I honestly thought that the bandwidth requirements would eventually sink the site and it wouldn’t last more than a couple of years. Today, YouTube is one of the largest sites out there and I can admit that I was wrong on the longevity of the site. Google ultimately bought the site and, after some trouble to keep the site afloat, it became an overwhelming success. The point is, in this day and age, this is a quality we rarely see in high places these days. The pursuit of being accurate overriding the quest to always be right on everything. That pursuit eventually requires admitting that a previous notion on something may not have been accurate because you simply aren’t going to be right on everything. This is especially true for technology related issues. Some might consider an admission on being wrong on something as a source of weakness. In fact, it’s actually a source of strength. In an era of hyper-analysis (in some cases, excess analysis), this is something that people should praise rather than condemn. Whether or not this changes the overall encryption debate, that remains to be seen. Still, things like this can be quite a refreshing thing to see. Drew Wilson on Twitter: @icecube85 and Facebook.