So, as about a million Australians quietly shit themselves as the Ashley Madison data breach starts to bleed data, we have the UK government talking about banning encryption. Although they have backtracked to some some degree UK Prime Minister David Cameron told his parliament the country needed to crack down on encryption in order to make it harder for terrorists to communicate.
Photo: Ashley Madison
While the Ashley Madison hack is barely surprising — mega-breaches are a fact of life in today’s world — there’s a whole level of cock up associated with not encrypting such sensitive data. And if encryption becomes harder to access we can expect sensitive data to not only be captured but easily read and shared. And not actually deleting the data they promised to remove with their paid-for profile removal service suggests the story will be played out in the courts.
So, what’s happening in the Australian policy world when it comes to balancing act between security and privacy? We spoke with Tobias Feakin, the director of the International Cyber Policy Centre and Senior Analyst with the National Security at Australian Strategic Policy Institute. He works with and directly advises the government through the bipartisan Australian Strategic Policy Institute on cyber security matters.
“I think that's the problem with the discussion right now. There’s a dichotomy that governments find themselves in. What is their primary responsibility? To protect the nation from whatever serious threat might be of the day. But here are all these other responsibilities about promoting good business practice and good cyber hygiene”.
Feakin pondered whether incidents like the Ashley Madison breach would drive governments to consider mandating the use of encryption on data.
However, there’s a real balancing act in all of this. Encrypted data can be a significant barrier that hampers police investigations but there are clear benefits when it comes to protecting the privacy of individuals and companies.
“For me, it’s about having a decent public policy discussion,” says Feakin. “It’s something that needs to be nurtured… in the Australian context is a more mature conversation around national security threats. More in terms of shaping them as risks rather than just threats because there is a distinct difference”.
Feakin noted the need for a providing balance to the debate.
"I'm always very careful… to say we’ve got to keep this in perspective. We live longer lives. We're safer than at any point in human history."
The author of this article travelled to Singapore to attend the RSA Conference as a guest of RSA.