Snowden Intervenes In The Encryption Debate

Uploaded on 2016-05-02 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

NSA whistleblower and privacy advocate Edward Snowden took part in his first public debate on encryption recently, facing off against CNN’s Fareed Zakaria, a journalist and author known for his coverage of international affairs.

Zakaria, in New York, defended the government’s right to access any and all encrypted messages and devices as long as there’s court approval. Snowden, speaking from safety over a live video-link from Moscow, argued the security of the Internet is more important than the convenience of law enforcement. The debate was organised by NYU’s Wagner School of Public Service and the Century Foundation.

Though Zakaria started off firm in his conviction that law enforcement should be able to get hold of all digital messages with court approval, he gradually conceded that it may not be that simple. Zakaria said he himself doesn’t actively encrypt any of his communications, assuming everything will be fine — though Snowden pointed out that, since he has an iPhone, some of his data and communications are encrypted by default.

Zakaria opened the debate by posing a hypothetical: Bank of America creates an “iVault” allowing anyone to store all their financial data totally encrypted. An embezzler could take advantage of that service to hide the evidence of their misdeeds, foiling investigators. “I understand within a democracy, you have to sacrifice liberty for democracy at some point. You cannot have an absolute zone of privacy,” he said.

Snowden agreed with Zakaria that absolute zones of privacy don’t exist, and that encryption does pose real problems for law enforcement. But he disagreed that universal access is the best way to solve the problem. “For the government to unlock everything there has to be a key to everything. Every other person in the world can find that key and use it too,” he said. “It’s a fundamental problem of science.”

Instead, he suggested, police should take advantage of the many other options available to them. He cited the investigation into the founder of Silk Road, an anonymous, encrypted platform for black market drug sales. In that case, a team of investigators caught the mastermind at the library after he typed in his password.

“Encryption is not an unbreakable wall,” Snowden said. “Or if it is, it is one we can get around, if we are patient, if we are careful, if we think and plan how to go about our investigations.”

By the end of the debate, Zakaria said he did not support the legislation proposed by Senators Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., which would mandate companies to immediately decrypt all communications when asked by a court. The bill has been heavily criticised by technologists.

And Zakaria acknowledged that if it was genuinely impossible for a company to decrypt communications, then the court should accept that, though it would be a “hard case.”

“If WhatsApp says we literally do not know how to write this code, WhatsApp could demonstrate to a court that they don’t have to do it,” Zakaria said.

He concluded by encouraging greater clarity about what kind of communications the government can and cannot access, before the next disastrous terrorist attack. “We do face real threats out there. There are people out there trying to do bad things. Once they happen, the government will be given carte blanche,” he said.

Snowden noted that former security officials now proclaiming the value of unbreakable encryption, including former NSA director Michael Hayden, had considered those questions carefully and had fallen on the side of computer security.
The Intercept: http://bit.ly/1SqWg

« Bangladesh Bank Hackers Compromised SWIFT
Driverless Trucks Are On The Way. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Brit

Brit

Brit PLC is a market-leading global specialty insurer and reinsurer, focused on underwriting complex risks including cyber, privacy and technology.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

Wallix

Wallix

Wallix is a software company offering privileged access management solutions for enterprises, public organizations and cloud service providers

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

cPacket Networks

cPacket Networks

cPacket’s distributed intelligence enables network operators to proactively identify imminent issues before they negatively impact end-users.

DataPassports

DataPassports

DataPassports is a data-centric security and privacy solution that enforces privacy and security from end-to-end with transparent protection of data at the source.

KnectIQ

KnectIQ

Building Trust Environments in a Zero-Trust World. KnectIQ offers KIQAssure, an Ultra High Security Solution for Data in Flight.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

Mitigate Cyber

Mitigate Cyber

Mitigate Cyber (formerly Xyone Cyber Security) offer a range of cyber security solutions, from threat mitigation to penetration testing, training & much more.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

443ID

443ID

443ID brings OSINT data to Identity Security professionals on any digital platform.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

Cenobe Cyber Security

Cenobe Cyber Security

Cenobe provides customized solutions to keep you ahead of potential threats and ensure the security of your organization's systems and data.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.