Businesses should pay just as much attention to their privacy measures as they do to security, according to Pretty Good Privacy (PGP) and Silent Circle founder Phil Zimmermann.
Zimmermann, in London for UC Expo, told TechWeekEurope that the recent Sony hack demonstrated the business case for ensuring the collective privacy of a company and that intelligence and law enforcement agencies were living in a “golden age of surveillance.”
“The damage done by loss of privacy is well-illustrated by the Sony incident because a lot of individuals’ privacy was violated in that incident. Look at the movie scripts that were stolen from Sony – those should have been encrypted with PGP. The individual emails that violated the privacy of actors – those should have been encrypted.
“I’m sure Sony had firewalls and intrusion detection – the usual kinds of tools that IT departments at big companies have – and yet those kinds of protections invariably fail. In a large enterprise with thousands of workers and thousands of machines – somewhere you can find a way to get in. Individuals can protect their single computer or smartphone with various tools.
“WhatsApp is using a form of encryption that’s well designed. [Silent Circle has] a text encryption product, we’re working on improving that. It’s possible to make good end-to-end encryption tools that don’t depend on the back end IT systems not being compromised.”
Zimmermann said the exposure of mass surveillance programmes by Edward Snowden had made many people aware of the value of privacy, but said he wasn’t sure if this was true of the entire population. He cited a recent segment on the Last Week Tonight with John Oliver programme on HBO in the US, in which many people interviewed on the street did not know who Snowden was or had misconceptions about his activities.
“They’re complaining encryption interferes with law enforcement but people in the intelligence and law enforcement are enjoying a golden age of surveillance,” he said. “There’re millions of cameras across the UK, in the US and all over China and these have facial recognition so you can track individuals as they walk down the street.
“All this data is fused together. They have such a breath-taking ability of pervasive surveillance. They’re complaining about a few missing pixels on the big screen.
“I think it’s crazy to deny everyone access to strong encryption just because bad guys can use it. Bonnie and Clyde would rob a bank and jump into their cars and drive very fast across state lines. The police were unprepared for that kind of behaviour. The police at that time were calling for smaller gas tanks to be made in cars and some even said people shouldn’t be allowed to purchase cars at all.
“All kinds of technologies can be of benefit to criminals. The 9-11 hijackers purchased handheld GPS receivers because the navigation systems on the aircraft were able to navigate to airports but not the World Trade Centre or the Pentagon.
“Should we stop selling GPS receivers so hijackers can’t buy them? Should that be our response? I don’t think so. The whole of society and the economy benefits from portable GPS receivers.”
But if mass surveillance saves lives, can it ever be justified?
“I don’t know, but is it worth it?” he said. “Can the information be gleaned in other ways or can situational awareness be maintained about terrorism using human intelligence? You have to look at the overall cost to society.”
“Traffic analysis is very difficult to protect against,” said Zimmermann. “It keeps track of who you’re calling, how long you were talking for and when you were talking to them. Even if they can’t wiretap the content of the call, the rest of the information is still there.”
Zimmermann has also been heavily involved with the creation of the Blackphone, a privacy-oriented smartphone that uses the custom PrivatOS to encrypt communications. A successor to the device has been announced, as has the first Blackphone-branded tablet, and demand for the handset has apparently been high.
“We expect that one to be very popular,” said Zimmermann. “We’re getting a lot of interest from enterprises about it. One of the reasons why we built the Blackphone is because in all my years in crypto, people have often asked the question ‘Is this NSA-proof?’ It is possible to make good crypto protocols but you’re always at risk on the platform you’re running on. We thought the best way was to build the protections into the platform.”
View Comments
While I'm a huge fan of Zimmermann, I don't see how WhatsApp's form of encryption is well designed by any standard. There isn't even a way to verify that messages are actually encrypted (http://security.stackexchange.com/questions/79070/how-do-i-verify-that-whatsapp-is-using-end-to-end-encryption).
IMO, a messenger can only be considered secure if a means of verification of its encryption is provided (cf., e.g., Threema's Validation Logging: https://threema.ch/validation/).