Infosec pros aren't too bothered by Trump – it's his cabinet sidekicks you need to worry about
Crackdown on H-1B abuse is fine, backdoors no way
BSidesSF We're less than a month into Donald Trump's reign in America, and so much has already kicked off. Since we're at the BSides San Francisco infosec conference this week, we asked security pro here to "rate my president."
And we'll be honest: many attendees see some good in his appointment, although there is concern about who he has picked for key positions.
“Honestly, I think he’ll be good on some things,” said one US-native attendee, who said he didn’t vote for Trump nor for Clinton. “The H-1B visa situation needs to be sorted out – the outsourcers are killing us in salary negotiations.”
H-1B visas, reserved for highly skilled foreign workers, have been used by various tech giants to bring in staff on the cheap. More than one attendee has had direct experience being pushed out of a job by an outsourcing biz that shipped in lower-paid staff under the visa system.
There are clearly a lot of people who are feeling sore about unfair H-1B visa competition. Not one of the people we spoke with said they had any confidence in the Democrats to fix the issue. Instead they’re hoping Trump will shake the system up to the benefit of US staff.
That said, there are plenty of people worried about a broader immigration ban that could hurt cross-border security conferences such as this one. BSidesSF isn’t too badly affected, since most people here are local, but some predicted any crackdown on visitors’ visas could hurt other conferences.
As to whether Trump benefited from Russian hackers influencing the national debate, very few people seem to be bothered by the accusations. Most infosec people here just accept that nations screwing around with other countries is a fact of life – “We’ve been doing this to other countries for years,” one said. “Don’t dish it out if you can’t take it.”
No backdoor action here, please
However, delegates (or participants, as BSides puts it) are seriously concerned by some of Trump’s cabinet picks – in particular Attorney General Jeff Sessions. In pre-confirmation congressional testimony, Sessions said that he supports backdooring encryption for law enforcement.
The idea hasn’t so much split the security community as brought it out almost entirely on one side. As with previous investigations, the view here is that it’s almost impossible to find someone who believes you could introduce a backdoor into encryption that others couldn’t find.
Were such a golden key to exist, it would be unlikely to remain secret for long. In his presentation, Jason Truppi, a former FBI investigator, pointed out that he had trusted his biometric data to the Office of Personnel Management and – post hack – now can’t use fingerprint recognition without the knowledge that someone has a .BMP file of his paw prints in their database, because OPM stored those unencrypted.
Reconfirmed FBI director James Comey has declared that this is the year he wants to see an “adult conversation” on backdooring. With the AG and Trump behind him, he might be able to force his way.
Also of concern is the appointment of John Kelly as new boss of the US Department of Homeland Security. Kelly said the agency is considering forcing people to hand over passwords to private social media accounts if they wish to enter the US on a visa.
“He hasn’t thought this one through,” said Austin Carson, executive director of IT think tank TechFreedom. “Sure, we can demand passwords, but then so can everyone else in the world and they will get a lot more out of that than we will.”
In the meantime however, Trump’s executive order on immigration doesn’t seem to have had that much of an effect so far. One Hindu British Asian network manager at the conference told The Reg that he’d never had a faster trip through customs than this latest one.
“Sure, they ask about a minute’s worth of extra questions about Syria but I had no problems,” he said. “Mind you, that could change.” ®