With the recruitment of Rep. Mike Pompeo (R-Kan.) to lead the Central Intelligence Agency (CIA), Democrats in the Senate and privacy advocates have voiced opposition based on the now-former house member's record on surveillance issues.
While some Democrats approved the appointment, Sen. Ron Wyden (D-Ore.), for one, voiced concern over Pompeo's “enthusiasm for sweeping new surveillance programs targeting Americans.”
Sen. Bernie Sanders (I-Vt.) said it was “vital to have a head of the CIA who will stand up for our constitution, stand up for privacy rights...Unfortunately, in my view, Mr. Pompeo is not that individual.”
Other voices expressed concern over Pompeo's stance on the rollback of privacy reforms, such as restrictions on the NSA's mass gathering up of citizen's and non-citizen's communications data. The Electronic Frontier Foundation (EFF), in a statement, said several of President Trump's nominees, including Pompeo, would "undermine digital rights and civil liberties."
Further, the CIA's newly appointed director wrote in a January 2016 op-ed piece in the Wall Street Journal that Washington is “blunting its surveillance powers” with legislation like the USA Freedom Act. He previously voted in favor of the legislation.
“Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database,” Pompeo wrote in the op-ed.
Adding further anxiety for some, in questioning during confirmation, he failed to provide further details on what precisely he would include in the government's metadata collection, which would include social media postings.
“After two rounds of submitted questions and a hearing, we still don't know what Congressman Pompeo meant when he referred to 'all metadata' or how he defines 'publicly available financial and lifestyle information,'" Wyden said in a Senate speech.
“It is something else entirely to create a giant government database of everyone's social media postings and to match that up with everyone's phone records,” Wyden said, calling the idea “a vast database on innocent Americans.”
Another clue to Pompeo's position on the extent of government authority can be gleaned from comments he made in Nov. 2015 to SC Magazine: “You see enormous bureaucracy, vested interests, and siding that takes place, which all prevent the government from acting with the speed and force that cyberthreat actors have in place.”
Other industry experts wonder about the impact of technology such as encryption, which has led some government officials to seek backdoors.
“Encryption will be at the forefront for the immediate future as many governments, not just the U.S., attempt to balance the need for security with the right to privacy," Andrew Howard, CTO of Kudelski Security told SC Media on Wednesday. "Unfortunately, there is no solution that maximizes both."
Watchdog groups, consumers and even businesses will be following developments closely, Howard said. "These privacy issues quickly cross borders and are impacted by technology advancements almost daily. It is clear the next few years are going to be interesting.”
Will Ackerly, CTO and co-founder of Virtru, told SC Media on Wednesday that he believes Pompeo is trying to address Americans' concerns about the government's ability to protect them, but expressed reservations around some of his suggested fixes for creating concerns about personal privacy.
"Global technology companies, like Facebook and WhatsApp, have built strong encryption into their platforms, as they understand that the threat of people or governments ‘listening in' on personal communications is real, and there is demonstrable value in platforms that promise protection via strong encryption," Ackerly said.
In countries where governments are violating human rights, platforms with strong encryption are critical to protecting the privacy, speech and ability for dissenters to assemble, he added. "Some governments do what they can to squash these dissidents by listening on communications that are intended to be private."
Labeling "strong encryption for personal use" a red flag perpetuates the idea that protecting yourself means that you have something to hide, when, in fact, it is – in many cases – the only reliable means of protecting your privacy, Ackerly told SC.
"Indeed, privacy is a human right and, as Americans, we have an opportunity and an obligation to set the right example for the rest of the world."
Ackerly added that the United States should strive to represent the best of democracy. "We should be setting a proper example by upholding and continuing to improve transparency and reform, like the USA Freedom Act, which helps prevent the creation of secret authorities through undisclosed, ‘novel interpretations of the law', often considered ‘secret law'.”
But, Ed Stroz, co-president of Stroz Friedberg an Aon Company, told SC Media on Wednesday that one of the main cybersecurity concerns facing the incoming administration is the expanding nature of current cyber threats,and this could mean reconsidering the definition of what constitutes U.S. critical infrastructure. "An expanded scope might include corporate and government data, and systems beyond these 16 sectors, on which a hack would have far-reaching consequences."
For Stroz, protecting assets takes cooperation, not just with industry partners, but with the government. Other concerns for governmental actors Stroz pointed out include the need to protect data integrity and the proliferation of misinformation; facilitating global public and private sector information sharing around cybersecurity threats; and conducting offensive cyber operations against adversaries."
