Data Sheet—Saturday, January 23, 2016
If you tuned into a talk by Michael Rogers, director of the National Security Agency, at the Atlantic Council in Washington, D.C., this week, you might think the NSA had begun to change its tune about encryption—the technology favored by Apple and its Silicon Valley brethren to scramble users’ data and communications (much to criminal investigators’ chagrin), making them unintelligible to spies and hackers alike.
Rogers, who also heads the U.S. Cyber Command, surprised some commentators with a number of strong assertions about strong crypto that day. His statements could make a privacy advocate’s heart swoon: “Encryption is foundational to the future,” he said, adding that no one should expend a breath debating the point. Doing so, he stressed, would be a “waste of time.” (Fast-forward to around 25:30 in this video clip posted to the think tank’s website.)
Roger’s remarks do not, in fact, indicate that he has bailed on his quest to gain access to people’s encrypted data. To be sure, the intelligence boss’ stance is entirely consistent with views he has expressed in the past—as well as with ones propounded by other members of the law enforcement set. For instance, James Comey, who heads the Federal Bureau of Investigation (and who is often painted as an encryption bogeyman), told the Senate last year that “it is important for our global economy and our national security to have strong encryption standards.” That doesn’t mean either doesn’t still want access, of course.
Rogers’ posturing calls to mind other statements he’s made on the national stage. “Strong encryption is in our nation’s best interest,” he said at a Wall Street Journal conference last fall, as Fortune’s Kia Kokalitcheva reported. He then clarified, as my colleague paraphrased, that “he means strong, not full encryption of email and online files. The nuance is that strong encryption would still give his agency access to user information while full encryption would make the data unreadable.” Strong versus full, huh?
Actually, no policy change has taken place. The government top dogs still seek entrée into encrypted data—even as other countries, such as the Netherlands and France, have scrapped plans to mandate that “backdoor” vulnerabilities be built into tech products. The only difference is that the Feds have begun to refine their talking points in such a way as not to cause a stir, as happened almost a year ago at a New America Foundation conference on cybersecurity, in which Alex Stamos, Facebook’s security chief (then Yahoo’s chief information security officer), went toe to toe with the admiral. (Not to mention Apple CEO Tim Cook’s relentless criticism of the pro-crypto-cracking cohort.)
No, the NSA has remained on message. It is just getting better, perhaps, at encoding its intent.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.
FBI used controversial tactics in child porn bust. The Federal Bureau of Investigation seized a child abuse website and continued running it for two weeks in order to infect the site's visitors with malware. Doing so enabled the investigators to uncover users' true IP addresses and identify suspected pedophiles. One of the outed bunch is now arguing as part of his defense that the FBI broke the law and violated his Fourth Amendment rights. (Washington Post)
FireEye acquires iSight Partners. The slumping cybersecurity firm plunked down $200 million to buy the Texas-based threat intelligence firm. FireEye's last major acquisition was the forensics firm Mandiant for about $1 billion in 2014. ISight's makes its money on a subscription intelligence service, a more reliable source of revenue than Mandiant's data breach-dependent services. (Fortune)
Lucky number 7. On Thursday ForeScout became the seventh cybersecurity "unicorn," a venture capital-backed firm valued at $1 billion or more. The company raised $76 million in what will likely be its final fundraising round before going public, probably later this year. (Fortune)
Fidelity invests in Malwarebytes. The mutual fund manager pumped $50 million into this Calif.-based anti-malware firm headed by a 26-year-old. CEO Marcin Kleczynski said he believes now is the right time time to raise funds, before a possible market rout. (Fortune)
Casino operator sues Trustwave. Las Vegas-based Affinity Gaming alleges that the data breach investigations firm hired to clean up after a hacking incident botched the job. The company's lawsuit could have grave consequences for IT forensics businesses. Adding insult to injury, Mandiant, a rival firm hired to do the job next, said that "Trustwave’s prior work was woefully inadequate." (Register)
Your password is probably terrible. Once again the easily-crackable password "123456" is the most popular among a list of 2 million leaked passwords in 2015. Other passwords included "password," "football," and "baseball," as determined by the cybersecurity firm SplashData's annual list. (Fortune)
Share today's Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
The ex-con man of Catch Me If You Can fame joined a stealth cybersecurity startup.
Frank Abagnale, the once-notorious confidence trickster portrayed by Leonardo DiCaprio in the semibiographical film Catch Me If You Can, just landed a new gig. He has been named an adviser to a stealth cybersecurity startup slated to debut next month at the San Francisco-based RSA Conference, one of the world’s biggest computer security confabs.
The company is called Trusona, and it aims to solve the problems inherent to online identity and authentication... Read the rest on Fortune.com.
Earth-devouring octopus monster. An intelligence agency mascot. (MuckRock)
Bermuda triangulation. The home of lost phones. (Fusion)
Prime time! Multiply together 74,207,281 "twos," then subtract one. (Fortune)
PR fail: Will Smith's 1998 NSA movie. (BuzzFeed)
Fee Wi-Fi? Take these precautions. (Wall Street Journal)
How to Make a Profit in the New Hollywood by Michal Lev-Ram
Exclusive: Qualcomm Ventures Loses Its Head by Dan Primack
VMware Insiders Brace for Big Cuts by Barb Darrow
Buying Twitter: Some Likely—and Not So Likely—Candidates by Mathew Ingram
Google Is Blocking a Lot More Annoying Ads After All by Jen Wieczner
Big Banks Boost Block Chain Startup With New Funding, Deal by Stacey Higginbotham
ONE MORE THING
Is the rail industry practicing adequate cybersecurity? A Boston Review writer says no. An industry representative says yes. (Fortune)
"Encryption is foundational to the future."
Director of the NSA Michael Rogers, speaking to the Atlantic Council, a Washington, D.C,. think tank. Some privacy advocates interpreted Rogers' comments as being friendlier on the subject of encryption than the remarks of other administration officials, such as FBI Director James Comey. In fact, the two share a similar view; both still want access to peoples' encrypted data. (Intercept)