Mike Janke spent 14 years as a Navy SEAL. He’s been around the block, so to speak. And the U.S. government’s decision to circumvent the controls in place to protect innocent citizens’ communications en masse has him scared right now. He’s scared because there’s one thing he knows for certain.
“There’s never been a power that a government has granted itself that it has later pulled back,” he said during a session at RSA 2014. “That’s like trying to figure out how not to pay taxes. It’s impossible.”
Janke, now CEO of year-old private communications service Silent Circle, was talking about the “Summer of Snowden” revelations during a Tuesday session at RSA 2014 titled, “Mission Impossible? Building and Defending Zero-Knowledge Privacy Services.” He was joined by Ethan Oberman of cloud-based synchronization and sharing service SpiderOak and Nicko van Someren, CTO of Good Technology, to discuss the new premium on “zero-knowledge” technology models that allow users to maintain complete control of their data access. In other words, business models in which the customer is not the product.
Oberman said the good news about the NSA revelations is people are more aware than ever.
“Snowden made this issue international, and people are more aware now than they’ve ever been,” he said, adding he recently “had a conversation with my grandmother about it.”
Now that people are paying attention to privacy and their data, it’s possible and important to shift the conversation to the realization that technology is part of our lives, whether that serves corporations or consumers, Oberman said. People with an understanding of technology can play a key role in which way the scale shifts.
“We don’t have to wait for regulations to pass to create technologies to prevent certain things from happening,” he said. “We get to do these things on our own without the government getting to say one way or another.”
In fact, regulations might not be the answer at all, the panelists said. We’ve got to be careful, or “we’re going to destroy the innovative engines that got us where we are today,” Janke said. “I don’t care if it’s Congress or the EU. Whoever is subverting the will of the people and putting at risk trillion-dollar industries … the people have to stop that somehow.”
The Answer Lies in Innovation
Van Someren said it’s unrealistic to expect the problem will be fixed by asking governments nicely not to spy on all of us in order to catch a small subset of the population. Instead, we should create technologies that will “fundamentally and structurally protect us against this sort of thing.”
Janke agreed that innovation is key, telling the room their value-add can be in ensuring that a level of control gets into the user’s hands. “Where the user says, ‘I’m okay with giving this [data] up, but this I am not,’” he said. And it shouldn’t require a CTO to figure that out.
“That’s what we as innovators can bring,” he said. “You want to leverage the services data can provide, but there are some parts of our lives we do want kept private, and understanding how these things work together is important.”
Pushing The Ball Forward
Janke said he’s more excited than ever about the zero-knowledge space, and especially for hardware.
“You’re gonna see some young kids around the world creating wearables, and the Internet of Things is going to transform your life even more,” he told the crowd. And such innovation is really good news for information-security professionals, he said, because innovation is traditionally 12-18 months ahead of security. And that means opportunity to fill the gap – for privacy pros, too.
“The things in our home, somebody has got to secure them,” Janke said of such innovation as Internet of Things (IoT) toasters that can talk to blenders about power consumption and peak use-times. “These things are not built with security in mind. It’s folks like you that come up with how you do that. It’s more business for people like you.”
Van Someren echoed Janke’s excitement, citing the democratization of innovation with platforms like Kickstarter, allowing people with good ideas to turn them into funded products, and opening the opportunity for people who know nothing about security and privacy to start building products on top of both.
Oberman said IoT innovation is already well underway. After all, there are now various IoT vendors building platforms with privacy and security baked in so that when innovators come along who actually want to build an Internet-connected toaster, the potentially precarious privacy implications are already thwarted.
“We call this building privacy from the ground up,” Oberman said, adding that while security is something that can be bolted onto a product as an afterthought, privacy isn’t the same.
“But if you build privacy as a platform, you’re building on something where you can control how information gets pushed around,” he said.
For example, his team has created an open-source app called Crypton, allowing app developers to build on top of it.
“Out of this can come a zero-knowledge API layer, in which apps can exchange data but the server doesn’t know what data it’s actually sorting,” he said. “And we are just one potential solution to this. One shift. Privacy is one of those things you really have to think about when you take your first step out the door.”
As for the future? Well, it’s looking good, Janke said.
“I’m more optimistic about the future of security than I’ve ever been, because it’s just absolutely cool, the things that are coming out,” he said. “We will never have a total solution; we will always be here at 65th RSA event, when we’re 70, because there’s gonna be hackers and weak links.”