A recent exchange at a security conference between Yahoo’s Chief Information Security Officer and the director of the NSA highlights just how much the private-public security landscape has changed in the past few decades:

CIO Alex Stamos: No, I think Bruce Schneier and Ed Felton and all of the best public cryptographers in the world would agree that you can’t really build backdoors in crypto. That it’s like drilling a hole in the windshield.

AS: So, if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so—we have about 1.3 billion users around the world—should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?

The full published exchange at Just Security really is worth reading. But just those two excerpts reveal the degree to which the United States government has completely screwed the pooch in its relationship with tech companies. Data is a vital part of any company’s operations, and it is especially critical for tech firms: acquiring and monetizing (exploiting) user information is how they make their money. The majority of these companies are not run by psychopaths1, and I bet they would rather not have terrorism or other violence be facilitated via their products.

However, the secretive, assaultive approach of governments—through the Patriot Act, FISA courts, wiretapping, and state-sponsored hacking—is not the approach to take. To build off of Stamos’ language, these legal and digital attacks by governments on companies data is akin to bashing in the companies’ windshields rather than politely knocking on the window and having a conversation with the driver.

If the White House really wants to start mending bridges with tech companies, perhaps they should stop firing metaphorical artillery rounds at the companies’ windshields & then reaching in over the drivers’ mangled corpse to yank all the data out of their briefcase. It’s much easier to just knock and talk to them2.

  1. However a few notable exceptions definitely seem to be.

  2. It’s also much cheaper; legal and digital artillery emplacements are mighty expensive.