Art Coviello: Attacking Anonymity, Just In The Right Places

Privacy has never been a simple topic. It has been made more complex by the Snowden revelations on mass global spying, not just by the US and Britain – through the NSA and GCHQ – but by almost every major Western power.

Polemicists from governments and human rights groups are at loggerheads, the former defending snooping as a necessary evil, the latter saying intelligence agencies have gone too far. Little in the way of compromise has materialised.

It’s no surprise then that Art Coviello, who heads up RSA, the security arm of storage giant EMC, offers something of an ambiguous defence of a grand claim he made last week, namely that “anonymity is the enemy of privacy”.

‘Anonymity not the same as privacy’

Despite what he said during his brief keynote during RSA Conference 2013 in Amsterdam, Coviello is not wholly against anonymity. He doesn’t want to bring down Tor or uncloak activists who use such tools to hide their tracks from repressive regimes. No, Coviello solely wants anonymity to be eroded in the workplace.

“It was clear to me I was describing anonymity in the context of an organisation, not anonymity in the context of some person at home,” he tells TechWeekEurope.

“Within an organisation there are other larger responsibilities that are at stake. You have a responsibility to your employer, your company has responsibility to you and responsibility to its customers.

“If there’s total anonymity you’re giving that anonymity, you’re giving the attacker a shield with which to take advantage of the company, the customer’s company and perhaps even you. To me that makes, in that sense, anonymity the enemy.

“Anonymity and privacy are not the same thing.”

Coviello says it’s possible to have security and privacy “if we have transparency and governance”, ostensibly agreeing with activists asking for accountability from governments and intelligence agencies, but also promoting better monitoring of corporate networks.

He thinks RSA technology, like the Archer risk mitigation policy tool, could also be used to protect the privacy of workers. “The same tools that monitor abnormal behaviour could monitor for governance… we can create a technological solution for this.”

Commercial agenda

It’s at this point, though, that something clicks. Coviello, understandably, has a thinly-veiled commercial agenda here. He has occasionally, by his own admission, had trouble selling RSA’s intelligence kit to customers who are concerned about the potential for breaching privacy laws. Even though it can carry out analysis of network traffic without having to pinpoint a person’s identity, some have been afraid to deploy the technology over fears of breaching privacy laws.

By not deploying intelligence-gathering code, he argues, companies are allowing anonymity on their network and therefore allowing crooks to plant themselves on systems and do whatever they like without being caught. To this interviewer, it’s clear at this point that Coviello isn’t really talking about anonymity in the traditional sense. He’s frustrated that companies aren’t monitoring their networks as much as he’d like, to uncover anomalies, or workers sending out corporate information to secret places.

What of whistleblowers then? If one cannot anonymously reveal one’s employer’s wrongdoing, will that not just let businesses get away with egregious acts? Coviello offers no response on this issue.

Despite Coviello’s anti-anonymity drive being partly commercially driven, he is at least talking about privacy and the recent furore surrounding surveillance, something many other traditional vendors  ignore. “What I’m trying to do here is get a civil discussion,” he tells me. “People are so unwilling to even have the discussion that I worry that we kill the proverbial goose that lays the golden egg. All of this technology we are the beneficiaries of will not continue to roll out if we can’t create more trust. And we will miss a phenomenal economic opportunity.

“If we don’t get a handle on the privacy of individuals, what chance do we have of getting nation states to behave responsibly on the Internet. I’m not talking about spying per se, but I am talking about theft of intellectual property and respect for rule of law.”

Hot air

Yet leaving Coviello’s suite in the heart of the Dutch capital leaves me feeling cold about the whole surveillance situation. Saving privacy, or what we have left of it, seems to be such an intractable problem, with so many different stakeholders with different beliefs, from governments and their suppliers to human rights organisations and activists, that there are few answers

Many say that at least Snowden has brought about a debate. But what if it all just amounts to hot air, as it has done so far? What if, in the end, the young man’s explosive revelations only lead to more talk, more silence, more secrets? When it comes to action, we can expect little more than a stalemate. In other words, a victory for those controlling the structures of power.

Shhh! Don’t look at our whistleblowers quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago