When wide spread surveillance by the NSA was revealed by Edward Snowden it started a storm of debate around privacy and the destruction of trust in the technologies supporting privacy on the Internet. The debate intensified when allegations surfaced that RSA had taken money in exchange for weakening the Dual EC DRBG encryption algorithm. All of this spilled over to the 2014 RSA Conference being held in San Francisco.
Speakers cancelled their talks in protest to the allegations, protesters hung a sign over the side of the Moscone Convention Center claiming “RSA <3 NSA”, and a rival conference call “TrustyCon” was offered an alternative to the RSA Conference. All the while a record number of attendees were filing in to hear the keynote addresses ready to address these hot button issues.
What was unknown by the keynote attendees was a stark contrast in delivery was looming between Art Coviello, RSA Executive Chairman and Nawaf Bitar, Sr. Vice President and General Manager at Juniper Networks.
Art Coviello, Executive Chairman at RSA was the most anticipated speaker and was first on stage. Trust was quickly addressed and he took aim at the NSA by stating trust cannot by exploited within the security community. He then called for change within the NSA to separate and spin-off their defensive Information Assurance Division (IAD) from their intelligence gathering mission and move IAD to a new oversight model separate from the NSA.
Mr. Coviello then laid out a four (4) point plan for a safer and more trusted Internet;
- Renounce the use of cyber weapons, and the use of the Internet for waging war. He called on the same rules for cyber war as those guiding nuclear and chemical war.
- Cooperate in the investigation, apprehension and prosecution of cyber criminals. Without immediate, consistent and sustained cooperation cyber criminals have the equivalent to safe haven.
- Ensure that economic activity on the Internet can proceed unfettered and that intellectual property rights are respected. He calls for the Rule of Law for the benefit of all in productivity in commerce, research and communication.
- Respect and ensure the privacy of all individuals.Equating personal information as the currency of the digital age, Mr. Coviello stated it is important this information is not exploited and fundamental freedoms are protected by Government through balancing a fair governance model and transparency.
Mr. Coviello ended by calling on all Governments to adopt his four principles and called on the security industry to create and adopt secure frameworks and technologies to ensure a more trusted digital world.
Nawaf took the stage and came out swinging. His attention grabbing speech titled “The Next World War Will be Fought in Silicon Valley” was a blunt call to action to be outraged over the destruction of privacy.
As he continued the theme of trust and privacy being eroded he connected the dots of more frequent and severe cyber-attacks as having an inevitable end of jumping the “fire road” and ending in real people dying. He laid out a scenario where air traffic control towers being compromised causing aircraft to crash causing the United States to act militarily.
He continually decried the complacency around the erosion of privacy and attacks on sensitive data calling attacks on privacy “outrageous.” He offered a blunt assessment of the population by saying “I don’t think we give a damn. I am fed up talking about outrage, it’s easy to talk about outrage.” Mr. Bitar decried fake outrage by stating “liking something on Facebook or retweeting does not equal outrage.” He defined this type of fake outrage as first world outrage. He then said we face a great threat of “apathy” by standing by and watching our privacy eroded.
Mr. Bitar commented that only when real values, family and money, are attacked do we get outraged. But it is time to add information to the list of things to be outraged as “data is one of our most prized possessions and we should treat it as such.”
Even with the differing approaches to the subject matter then message was consistent – Government erosion of privacy and trust cannot be tolerated. A seismic shift in how governments approach cyber warfare and cyber criminals is needed for the Internet to prosper for all in the future.
We are in uncharted territory and the current unsustainable path of cyber warfare and crime is unsustainable and the true consequences are yet to be truly understood. A very clear choice has been presented – Governments must come together, rebuild trust, respect privacy, protect intellectual property rights, redefine rules of cyber warfare and move forward for the good of all, or choose the current path and fight a very real war.