In an engrossing talk at the DNA Lounge on Monday, Soghoian spelled out the security dangers in the wake of Edward Snowden’s revelations last year and went onto urge the technical community to respond to government demands, made via coercion, bribery and threat to get their hands on encryption keys, by coming up with different models that make sure this isn’t possible.
As just one example, he said that developers and companies could distribute tools and expertise across multiple national jurisdictions.
The premise of the presentation, “When ‘trust us’ is not enough’ : Government surveillance in a post-Snowden world’, was simply that the government has demonstrated through its actions that it will do whatever it deems necessary to break private encryption.
As Soghoian noted, this not only includes forcing companies such as Skype, which had boasted of its security, and the long list of other tech companies to allow back door access. It also extends to demanding companies such as Lavabit, specifically set up to provide encryption outside the reach of government, to change their product – and effectively destroy their business by undermining its initial premise.
The same approach is expected to be taken with newcomers such as Silent Circle, which will likely be asked to change its product before it is launched – but as a small company it does have the option of moving elsewhere – unlike tech giants such as Microsoft, Google and others – who invariably have complied.
Soghoian certainly didn’t hold back from criticising the bigger players, and noted that Google chairman Eric Schmidt has previously made comments hinting at government cooperation over data. RSA’s decision to accept payment for compromising its encryption also came in for particular criticism.
BSides runs alongside the RSA conference, which has seen some speakers drop out in protest of the surveillance in recent weeks. Some boycotting companies are supporting the new Trustycon event, one of which is the Electronic Frontier Foundation, the non-profit organization which supported BSides at the event, where it sold anti-NSA merchandise.
Despite the bad publicity over its relationship with the National Security agency, Art Coviello, executive chairman of the RSA, told SCMagazineUK.com prior to the show that he remains confident that any proposed boycott will have little effect on overall numbers.
“We are expecting more visitors than ever – more than 25,000 and perhaps up to 30,000. So we aren’t worried about the boycott. I don’t expect it to hit us next year either.”