|I'm still curious what line the OPM hack in theory crossed?|
I see Susan Hennessey's piece as a way to try to begin to acclimatize the policy world that drastic changes need to take place. Her piece is on deterrence, but every part of the cyber policy community is heavily linked and in weird ways. You don't get deterrence without making some sort of grand bargain on crypto backdoors, in other words.
|The last line is telling. It is exactly worth pointing out that not only did the last policy fail, but that it failed in predictable ways for predictable reasons.|
For fifteen years we've had people at the top of the cyber policy food chain who only gave nominal support to the positions their technical community cared deeply about. Not only did the State Dept cyber team or the Obama White House cyber team not see or not care about the obvious ensuing chaos while it was signing the Wassenaar Arrangement. They didn't know who to call to ask about it even if they did care. It's essentially a sign of hostility to the technical community that they would ban penetration testing software without so much as sending a Facebook message to any of the companies in the States who sell penetration testing software. That hostility is the root cause of why we can't have deterrence, or other nice things.
But this has changed. There is hope, as General Leia would say. But that hope comes at the cost of acknowledging not just failure, but why we failed.