Blog Op-Ed piece submitted by The New Oil

One principle I will die on in my career as a data privacy and cybersecurity educator is that I leave my political opinions at the door. I firmly believe that everyone is owed and deserves privacy and security, no matter how they vote and what their political views. This is not a partisan, political issue. This is a human right. I may throw out an opinion from time to time, but trust me that none of you have seen the full extent of my political opinions and you will never will in this setting. And that is why I am so upset with this recent development.

On Tuesday, November 17, 2020, US President Donald Trump fired Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA). One thing Trump has done in his time in office that I wholeheartedly approve of was the founding of CISA. It was a much needed, long overdue agency in the US and while I don’t know how effective it’s been, frankly I’d rather have a useless agency that exists than an empty void where it should exist. It’s a start. And then he did this.

“Hey Nate, isn’t it a little overdramatic and partisan to say that Trump screwed us all by firing Krebs?” No. Because Trump just made cybersecurity a partisan issue by doing that. In the US – and around the world – we are suffering a crisis of trust. We don’t know what’s real and what isn’t. Most people are trapped in echo chambers like Facebook and Twitter where misinformation gets amplified back to them continually to try to keep them engaged and in front of ads. Even those who attempt to break out of the chamber are met with contradictory stories. I’ve seen news outlets post directly-contradictory headlines covering the same stories. I’ve even seen some “news” outlets make a claim and cite their source, but when you follow the source the claim is nowhere to be found. It’s impossible to sort through the truth and fiction without making it a full time job. And then this.

Trump fired Krebs over CISA’s statement that the 2020 US Election was the most secure in American history, calling the statement “highly inaccurate”. There are dozens of points and tangents I could go off on about undermining the confidence of the vote, the effect this will have on democracy in the US, and more but the fact all comes back to Trump turning cybersecurity into a partisan issue. He could’ve simply disputed Krebs on Twitter like he did. He could’ve ignored him. He didn’t have to fire Krebs. But he did because he wanted to make a statement about how wrong he believes CISA to be about this. And look, I’ll throw it out there: if Trump does present evidence, I’ll eat my words. I’ll issue a public revision recanting this article and pointing out that Krebs is actually the dirtbag making security a partisan issue and he sucks. I know, some people are already claiming there’s evidence, that’s another argument for another time and place, but long story short I’ve yet to hear any convincing claims personally. And that’s the point I’m talking about. I’ve heard a lot of the right’s claims about voter fraud and I don’t find any evidence. Maybe you reading this are convinced. We’re suffering a crisis of information. Who’s right? Who’s credible? I don’t know. I don’t claim to be right. I don’t see any evidence but I’m not a lawyer. I’m not qualified to make that judgment. I just know what I’ve read and seen and think. I’ve been wrong before.

And now Krebs was fired for issuing a “highly inaccurate” statement. And the confusion only intensifies in what should – theoretically – be an objective, non-partisan issue. Cybersecurity should not be an opinion piece. Security should not be linked to who’s in office. A strong password protects my email account just as much as it protects Alex Jones’ email account. Two-factor authentication doesn’t give a damn about who you voted for. Even the high-level security issues that CISA tackles should not be political. Election machine security, national cyber defense, ransomware, and other related topics should not be about red or blue. And personally, I think that if the machines weren't secure (which they probably weren’t, really), then it should be pretty damn easy to roll one into a courtroom and demonstrate it. Have you ever seen a bug report? It usually comes with steps on how to replicate the bug.

Security can sometimes be personal. Do you prefer Bitwarden or Keepass? Do you prefer a Yubikey or a software token? But the fact is that Trump made a statement by choosing to go so far as to fire Krebs, and that statement was “security is now a partisan issue”. So now the work of people like me and this site has been set back by years because a human right has now been turned into a political issue. A few decades ago, those bleeding heart liberals had crazy ideas about allowing blacks to vote. Now, we have this crazy idea that maybe you should be in charge of your own data. If Trump can prove fraud, he should’ve waited until then to not only fire Krebs, but charge him with something for lying and falsifying the reports. But until then, all he did was turn this into yet another needlessly political division. Thanks, Trump. You did some good things in office, and I appreciate them, but you really screwed the pooch on this one.

Article received from and published on behalf of regular blog contributor, The New Oil

Share this post