A lot of people are performing a series of factually disconnected but contextually interconnected actions these days, most of them prompted by:
– Glenn Greenwald publishing his book No Place to Hide, along with a number of new documents from the Snowden Trove (link: http://glenngreenwald.net/#BookDocuments)
This is connected to the following:
– Schneier proposes splitting NSA into “Surveillance” and “Espionage” here: https://www.schneier.com/blog/archives/2014/05/espionage_vs_su.html
– Cisco goes on record with a brand new proposal meant to re-establish global trust in their brand and products: http://blogs.cisco.com/news/internet-security-necessary-for-global-technology-economy/
– EU enforces “right to be forgotten” http://www.bbc.com/news/world-europe-27388289
– NIST invites outsiders to review their Crypto standards and process: http://www.nist.gov/director/vcat/vcat-051414.cfm?utm_source=hootsuite&utm_campaign=hootsuite
– US court forces Microsoft to hand over data stored on Irish server: http://www.theguardian.com/technology/2014/apr/29/us-court-microsoft-personal-data-emails-irish-server
As an EU citizen, the whole circus surrounding what the (Insert 3-letter agency here) is allowed or not allowed to do inside the US doesn’t really interest me. How this affects me, as a European and as a global citizen, it does interest me how US policy changes balloon out into foreign policy and blanket surveillance.
From my EU/global perspective, the main take away’s are the following:
1) We are starting to see real worry from global US companies, worry that may even potentially be constitutionally inspired and not just profit-inspired. This is good, since right now, as a non-US citizen, it’s hard to put any trust in any US product or service whatsoever.
2) Informed debates now include questions of allowing countries to spy and of over-reaching global surveillance.
3) More and more, we all seem to agree that weakening security products and standards hurt us all.
4) Multinationals are being put between a rock and a harder place, because in trying to become LEA compliant, they are simultaneously breaking a law in one place while satisfying one in another.
5) The UK, via GHCQ, and to a lesser but still significant degree, European members of the 5-eyes, are still collecting and then handing over data to the NSA, a process that is in breach of National and EU law.
As a father, I want my kids to grow up with as much privacy and security as possible, in an IoT where we know we fought the fights worth fighting. One of those fights is going on right now, and I think we should fight it. Fighting means debating and arguing back and forth with the goal of reaching some kind of consensus that allows us all to get as much out of the Internet as possible while compromising and exposing ourselves as little as possible. Let’s fight to regain and rebuild trust.
As an employee I want to help protect my company to the point where I can tell my boss: “We are secure from intrusions”. This also implicitly requires trust. But having to seriously do risk-analysis before making a purchase with the purpose of deciding which backdoor to choose is just not cutting it for me.
It seems it all keeps coming back to trust. I’ll never forget watching Mr. Bruce Schneier walk on stage at the RSAC in London 2013 and speak for almost an hour about trust. Speaking without any
PowerPoint, and doing it magnificently. Let’s put the T, the r and the t back in TRUST, so it’s not just US citizens who have rights.
+1 / upvote/like for being naïve and having hope?
Claus Cramon Houmann | IT Security Consultant | @ClausHoumann
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.