There’s an old expression, “I’ve met the enemy and he is us.” When it comes to cyber-security, “us” may just stand for “U.S.”
I’ve attended the RSA security conference for many years and am accustomed to security professionals talking about the dangers from criminal hackers and hostile foreign governments. But this year there is a new Public Hacker #1, and it’s the U.S. Government.
The revelations from Edward Snowden not only shocked the political establishment, but they’ve had a deep impact on the security professionals who are speaking at RSA this year.
The RSA conference is going on this week at Moscone Center in San Francisco.
I attended all but one of the keynotes Tuesday morning and every speaker I heard commented about the NSA’s role in reducing trust when it comes to the security of our digital communications.
Nawaf Bitar, Senior Vice President of Juniper Networks and head of its security unit, said that we should be outraged. He pointed to examples of real expressions of outrage like Nelson Mandela’s refusal to accept government conditions as the price for being released from prison or the anonymous man who put himself in front of Chinese military tanks during the Tiananmen Square protests in 1989. In contrast, he referred to most of our objections to what our own government is doing with our information as “#FirstWorldOutrage,” saying it’s not enough to sign a digital petition or “like” a page from someone who objects to what the NSA is doing.
“We now know with stunning clarity how our privacy is being invaded,” he told the thousands in the audience. “We’re complicit. Standing by and watching a crime being committed without stopping that crime can be a crime.”
Bitar’s keynote was followed by a panel of some of the world’s leading cryptologists – the people who create the algorithms designed to protect our information.
Cryptologists vs. government hackers
Whitfield Diffie, one of the fathers of public-key encryption, said it was “disturbing that the NSA would tamper with NIST (National Institute of Standards and Technology) security guidance for the U.S. government.” “Despite my conflicts with them (the NSA), I believed that they were 100% interested in security of American communications.”
And Diffie, who knows more about security than almost anyone on the planet, is not all that secure about today’s security. When one panelist joked that he keeps his passwords on a piece of paper in his wallet, Diffie responded, “your wallet is more secure than any computer you use.”
Another panelist, Adi Shamir, a professor of computer science at the Weizmann Institute of Science in Israel, suggested that only a “very small percentage of the world population” cares about privacy but that he is worried about “my data being kept by the NSA” as well as “the phone company, Gmail and all the other cloud services which make life convenient.”
Former top spooks on spooking
In another session, “Understanding NSA Surveillance: The Washington View,” panelist Richard Clarke, who advised Presidents Bush, Clinton and Obama as Special Advisor to the President for Cyberspace and National Coordinator for Security and Counter-terrorism, was critical of the NSA’s lack of transparency. Speaking about the 215 program that collects cell phone metadata, he said, “When you don’t have transparency, their claims about (surveillance) being useful and stopping terrorism were BS” (he spelled it out). He also questioned whether the program did any good. “If it hadn’t been there, the results would have been the same,” he said.
Another panelist, former NSA and CIA director General Michael Hayden, defended the 215 program. He said it was just like a “program that began under me, and we found it sometimes to be useful, sometimes for negative knowledge.” By negative knowledge he meant confirming that Americans may not be involved in an attack or a plot. It was asked “if there was a North American nexus” in the Benghazi embassy attacks, he said, and “they did not show up in a database which makes it easier for the President to confine his response to the Middle East.”
Clarke questioned that logic. “I would never have said that I proved there is no threat if I sampled only 25% of the data.” He earlier said 75% of U.S. phones are not monitored. Clarke was one of five people on The President’s Review Group on Intelligence and Communications Technologies, which issued its report in December.
Edward Snowden may be in exile in Russia, but his presence is being felt among the security professionals gathered in San Francisco.