Microsoft's Top Lawyer Voices Support For Encryption At RSA

Brad Smith, Microsoft's president and chief legal officer, emphasized the importance of maintaining consumer privacy during his keynote at RSA 2016. He also emphasized his company's support for Apple against the FBI.
Windows 10 PCs, Tablets, Hybrids Take MWC Spotlight
Windows 10 PCs, Tablets, Hybrids Take MWC Spotlight
(Click image for larger view and slideshow.)

When it comes to security, Microsoft's top lawyer is doubling down on encryption.

"The path to hell starts at the backdoor," said Brad Smith, president and chief legal officer at Microsoft, in his keynote at the RSA 2016 cyber-security conference.

Smith spent much of his keynote addressing the importance of encryption and strong cyber-security practices at a time when digital security and national security have become intertwined. We've come a long way from the time when "cyberspace" was separate from reality, he explained.

Now, real-world news begins online: People go to the Internet if they want to influence global events. The breaches at Target and Sony are two of countless instances exemplifying the power of malicious technology to cause widespread damage in the digital age.

[The US Department of Defense is boosting security with Windows 10.]

"There is no such thing as national security in this decade without cyber-security," Smith emphasized. "We cannot keep people safe in the real world if we do not keep people safe on the Internet."

The key is to establish users' trust, which serves as the foundation of the entire tech industry. While there are several pieces to the puzzle of building user trust, encryption is the most critical.

"When it comes to security, there is no technology that is more important than encryption," Smith stressed. "We need to ensure encryption technology remains strong."

Smith called for the start of a debate and for collaboration among businesses because, he explained, none will be successful on their own. Smith cited Microsoft's solidarity with Apple in its FBI legal battle as an example.

Apple is currently fighting a federal order to unlock an iPhone used by one of the suspects in the Dec. 14 San Bernardino terrorist attacks. It has rejected the demand to build a new version of iOS designed to compromise security and enable the government to unlock the phone by brute force to find its passcode.

Several tech companies have voiced support for Apple, which claims building this software would have disastrous consequences for user security. Smith announced Microsoft's support on behalf of the company in a hearing held last week, and reemphasized its position at RSA.

Microsoft is no stranger to government requests for information, and the company has complied in the past. In the weeks following the November terrorist attacks in Paris, the company received 14 orders for information on terror suspects. The requests were deemed lawful, and Microsoft submitted the information for each one in fewer than 30 minutes.

However, Smith also acknowledged the importance of standing up for customers.

Microsoft is also engaged in a legal battle with the US government concerning user data stored on servers in Ireland. The US Justice Department served a search warrant for user emails, which Microsoft believes should not be accessed without approval from the Irish government.

When the government wants to conduct an investigation on a legitimate business, it should subpoena the business and not the cloud service provider. "Cloud computing should not change this balance," he noted, and businesses should know they can defend themselves.

Smith maintains the balance between privacy and security should be struck by those elected and suggested the creation of a team of experts to advise Congress on encryption.

"Technology has moved forward. Technology will need to keep moving forward," he said in closing. "We need to debate, because the world is going to trust technology only if the law can catch up."

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.