Is there Security and Privacy on the Web?

Hosted in the smallest room at the GES, the session on “Ensuring Cybersecurity” was so well attended there was no space for extra seating. Panelists Illias Chantzos (Symantec), Daniel Domscheit-Berg (Internet activist, developer), John Lyons (CEO Cyberdefense Alliance) and Jamie Shea (Cybersecurity NATO) held a  good and lively discussion in the limited time available.

(CC-BY-2.0) by jared

In the first half, they discussed the challenges of cybersecurity such as bring-your-own-device (BYOD); the complexity of handling different networks and dealing (on a multilateral level) with disparate standards and conditions in every single country. But besides the technical side of things, it became clear just how very complicated it is to persuade companies and governments to share their knowledge and cyber capabilities. While it is common practice in NATO to share information about weapons or even supply partners with actual weapons, there is no exchange among partners on individual cyber capabilities and possibilities.

It all seems to be a matter of trust – but I would ask: If even allies don’t trust each other – and the surveillance scandal at Belgacom involving the British GHQD is just one compelling example of this  – then how can private persons or companies trust governments all around the world? This is not only about China which, as the audience and panelists pointed out, has a really strong focus on stealing intellectual property, but also about the U,S. and Great Britain, both countries which systematically violate network security all over the world in the name of their own sacrosanct National Security. Unfortunately, the topic of surveillance was cut short at this point.

Daniel Domscheit-Berg, an internet activist (WikiLeaks) and software developer was the challenger on the panel who spoke in favor of privacy. He claimed that nowadays nobody is really able to trust the software and hardware they use – everything comes out of a mysterious black box.

Daniel Domscheid-Berg: “We need a fundamental debatte about the security of devices and software” #cybersecurity #GES2013

— Florian Bontrup (@BonniF) October 1, 2013

Daniel pointed out that the documents leaked by Edward Snowden strongly suggest that the NSA has built backdoors into encryption standards and could well have corrupted the production process of computer chips in order to get access to every encryption process worldwide. So what we are facing is a complete breakdown of trust. To address this, he proposed that more and more hardware should be tested and verified by independent developers to enable people to trust in the services they use. Sadly this was a proposal that none of the other panelists took up.

So how do we deal with cybersecurity? This is an issue that has increasingly come to the forefront, and everybody agreed that politicians and company leaders are now much more aware of it than they were 3 years ago. But is such heightened awareness enough? I guess not. Nowadays nobody can really be sure of their online security or that their private data really does stay private. None of the experts on the panel believed that the cloud is a really safe place and of course their lack of confidence has major implications. It might seem provoking but it is simply true that there is only a certain level of security on the web and that level is pretty limited. So what can we do?

Cyberactivist Daniel Domscheit-Berg doesn’t own a smartphone or a tablet. Now is this the only solution to secure your data? #GES2013

— Mario Sorgalla (@mariosorg) October 1, 2013

Maybe we should all follow the example of the expert on encryption and privacy on the panel Daniel Domscheit-Berg who does without a tablet or a smartphone. But as the tweet by Mario Sorgalla above underlines, this is not exactly the most attractive option for most of us.