RSA Boss Angers Privacy Advocates

judgecorp writes "RSA boss Art Covielo trod on the toes of privacy proponents' toes at London's RSA 2012 show, by accusing them of faulty reasoning and over-stating their fears of Big Brother. By trying to limit what legitimate companies can do with our data, privacy groups are tying the hands of people who might protect us, he says. 'Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother.' Ever-outspoken, he also complained that governments and cyber-crooks are collaborating to breach organisations with sophisticated techniques. In that world, it is just as well vendors are whiter than white, eh?"

"Protect us" is in the eye of the beholder

[crazyjj]

It's hard to criticize his opening remarks, as he was so vague and rambling (even if you RTFA, it's difficult to tell who exactly he's criticizing or what's he's proposing as an alternative). I would say this though: any company or entity that HAS information is always at risk of abusing it. Some entities are more likely than others to abuse it, but even the most conscientious of companies/agencies is made of up individuals. And individuals have been shown time and time again to be inconsistent and unreliable when entrusted with power and information (I believe Penn & Teller once did a delightful demonstration of that on Bullshit). The best solution is always to keep other parties from getting your information in the first place, as much as it is feasible (not to the point of paranoia, but enough to make reasonably sure that you're not just opening your zipper to someone else either).

But I do certainly agree with him that "governments and cyber-crooks are collaborating." That's almost a "no shit" assertion. China, the U.S., Russia, and Israel are almost certainly doing this (likely Iran, Turkey, the UK, etc. as well). But this is hardly anything new. Intelligence agencies have been cooperating with and utilizing criminals and lowlife types since the beginning of civilization. It's hardly breaking news that they would be doing this on the cyber-front as well.

Re:"Protect us" is in the eye of the beholder

[fustakrakich]

It's not merely a 'risk' that they will abuse it, it's a given, if they think they can get away with it. This applies to all forms of power/authority. I prefer total transparency, but we must strongly restrict how information is used against us. This would be the major problem.

Re:

[Voyager529]

It's not merely a 'risk' that they will abuse it, it's a given, if they think they can get away with it.

Thank you; with that sentence, you just flung yourself headlong from "reasonable argument", which the GP was promoting, straight into "paranoid conspiracy theorist whackjob".

That entirely depends on how you each define 'abuse'. If Acme Marketing Firm has data about me and 50,000 other people to provide aggregate statistics and trend analyses, and they sell those stats and trends (or a product or service derived therefrom) to Foo Soft Drinks, but have not gained my consent to do so, is it abuse?
If Slim Shifty's Facebook-Got-Nothing-On-My-Info service has enough data on me to sell an individual marketing profile to Foo Soft Drinks as to how Foo can best sell their sugar water to

Re:

[Jane Q. Public]

"It is paranoia to have a reaction to Acme's use of my personal data, based upon how it is used, if that reaction is similar to how Slim Shifty uses that data. It is folly to have the opposite reaction to the opposite use of data."

The problem is that it doesn't work that way.

As the Yahoo data dump showed many years ago, there is no such thing as "anonymous" data. Even if Company A "properly" anonymizes their data, when they sell it, Company B can put it together with other "anonymous" data, and use algorithms to pinpoint just exactly who you are, where you live, etc.

So don't be so quick to chastise people for being "paranoid". Their concerns are real.

Re:

[fustakrakich]

Sorry, all the studies, and history itself, have already confirmed my point. Authority must be watched closely and challenged often, or it will go berserk, as it has 100 percent of the time, without fail. It's just a simple fact of nature. Feel free to point to any evidence that proves otherwise.

Re:

[HPHatecraft]

It's hard to criticize his opening remarks, as he was so vague and rambling (even if you RTFA, it's difficult to tell who exactly he's criticizing or what's he's proposing as an alternative).

Glad that someone said it. I had a difficult time comprehending the article -- it was poorly written.

The best solution is always to keep other parties from getting your information in the first place, as much as it is feasible (not to the point of paranoia, but enough to make reasonably sure that you're not just opening your zipper to someone else either).

People are remarkably plastic with ethics and morals -- it seems sometimes that no one is willing to consider: "would I want this done to me? Therefore, I shouldn't visit x upon this (person|group|etc)." This has something to do with distance and depersonalization of the victims -- "It's just their name, address, primary email, and credit card purchases from 2010. It's not actually hurting anyone." Also, men

Advice from your mom.

[bmo]

"But mooooom! The other kids are stealing information too!"
"If the other kids all jumped off the Tappan Zee, would you?"
"No, but mooom, it's not faaaaaaaaaaair!"

--
BMO

Edit summary, please.

[E. Edward Grey]

I read this summary three times and I'm still struggling to figure it out.

Re:Edit summary, please.

[bmo]

He's upset that the government and criminals just willy-nilly ignore privacy advocates, while privacy advocates hold his company's feet to the fire on privacy rights.

Because his company should be allowed to be just as crooked as the governments and criminals.

It's all so much schoolyard whining and toddler mentality.

--
BMO

Re:Edit summary, please.

[fuzzyfuzzyfungus]

It's especially amusing if you remember back to the... entertaining... role that RSA played in the (to the best of my knowledge still unsolved) breach of a number of big name defense contractors. RSA retained copies of all the seeds used to fill RSA fobs shippped to customers, and then got cracked by parties unknown, who were subsequently able to compromise RSA's customers.

He's about the last person in the world who should be opening his mouth about how companies keeping more information on us can make us safer...

Re:

[Anonymous Coward]

Try going to the secondhand source instead of the thirdhand.

Coviello, whilst noting the need for privacy, lambasted privacy groups’ “knee jerk” reactions to public and private sector attempts to improve people’s security, pointing to the “insanity” of the situation, in a keynote to open the RSA 2012 conference in London this morning.

In Coviello’s view, privacy advocates are over-reacting to measures designed to protect online identities, preferring to live in a world of danger: “Because privacy advocates don’t realise that safeguards can be implemented, they think we must expect reasonable danger to protect our freedoms,” Coviello said.
“But this is based on dangerous reasoning, a knee jerk reaction, without understanding the severity and scope of the problem.
“Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother?”

A better summary: RSA guy annoyed that privacy groups oppose lots of ideas as Orwellian before analyzing the details of any plan.

Re:

[bluefoxlucid]

What attempts to improve peoples' security are we talking about here? Long-term data retention and warrantless police review of the data? 'cause that's pretty bad.

Also the 'details' are often not the whole story. Additional 'details' are secret or creep in--like the license plate cameras being used to find stolen cars. Those are also being used to build databases of where people are, which are cross-referenced with speed limits and time, determining that person X got 5 blocks really fast so must be spe

Re:

[fnj]

A better summary: RSA guy annoyed that privacy groups oppose lots of ideas as Orwellian before analyzing the details of any plan.

Your summary is at least typo free, grammatical and intelligible, but it still doesn't convey WTF he was talking about any more than the original summary did. Can't anyone sum it up informatively in two sentences?

Re:

[wonkey_monkey]

Once again (and I'm sure I'll get jeered at and have potatoes thrown at me for daring to suggest this) a brief explanation of an initialism would have helped.

RSA is both the name of a network security firm and the name of a security conference that they run.

Re:

[Ol Olsoc]

/lobs potato

Remember - when at the beach, the potato goes in the front of your Speedo's, not in the back.

Re:

[bluefoxlucid]

Companies aren't whiter than white? You mean they're little black kids that steal your bicycle?

Your strawman, I see it.

[HeckRuler]

Where is it written that cyber criminals can steal our identities...

It isn't..... that's illegal. If we catch you doing that you go to jail. But it's kinda hard to catch people doing that. It's called criminal enterprise. We will not allow corporations to openly be criminal enterprises. The rule of law persists, and if you break the law we will break you.

Re:

[vlm]

We will not allow corporations to openly be criminal enterprises. The rule of law persists

Yeah thats fine in Europe, but in America it isn't so, and coincidentally most of the complainers he's complaining about are in the USA.

So whats your solution when govt/corps have merged, there are no laws for the rich, laws are meant to be purchased, the govt does not represent the people, etc?

Re:

[drinkypoo]

So whats your solution when govt/corps have merged, there are no laws for the rich, laws are meant to be purchased, the govt does not represent the people, etc?

Open Source, peer-reviewed encryption algorithms that, preferably, don't belong to a specific corporation. An emphasis on personal freedom and responsibility. The first amendment, and the second. Barter. Strategic agreements. Handshake deals. And in general, making an end run around the system wherever possible.

Re:

[interval1066]

Right. Guess which side of all that Mr. Covielo would come down on...

Re:

[bluefoxlucid]

Would you be behind an upgrade to Cyanogenmod to negotiate encryption over voice connections based on PKI?

Re:

[thePowerOfGrayskull]

I *think* he was going for something along the lines of this tautology: "if all guns are outlawed, only criminals will own guns".

Re:Your strawman, I see it.

[jd2112]

...and when marriage is outlawed only outlaws will have in-laws.

You can always be a criminal too!

[grimJester]

Where is it written that cyber criminals can steal our identities...

The actual wording is that if you steal someone's identity you're a criminal. But don't despair! You can choose to do the exact same thing and that would make you a criminal just like the ones you so envy and admire!

Editing required.

[Anonymous Coward]

""RSA boss Art Covielo trod on the toes of privacy proponents' toes at London's RSA 2012 show, by accusing them of faulty reasoning and over-stating their fears of Big Brother."

The toes of their toes... makes perfect sense!

Re:

[LordNightwalker]

Only minor insult then. Not as bad as if he'd trodden on the actual toes themselves. ;)

Re:

[Otter Popinski]

"(now the ears of my ears awake and
now the eyes of my eyes are opened)"

-- e. e. cummings

The toes of my toes are my friend

[Anonymous Coward]

"Art Covielo trod on the toes of privacy proponents' toes"
Really? I know the editors here don't actually edit, but even this one seems silly. Unless privacy advocates have toes growing on their toes.

Privacy challenge, accepted.

[u64]

Ok internet, sounds like we've been challenged to dig up everything about Art Coviello.
physical address
family members
list of friends
salary
personal history
political leanings
sexual orientation
juicy pictures (plz warn if NSFW. Dat guy looks ugly) ...and so forth.

Everything seems fair game. If you've got something you don't want anyone to know,
then you shouldn't have done it in the first place. eh

Re:

[ae1294]

OK so you're OK with naked pictures of hot guys... That has been added to our criminal crime fighting database. Thank you... Ze RSA

Wieners with wieners even worse

[Impy the Impiuos Imp]

> Covielo trod on the toes of privacy proponents' toes

Toes with toes. It is right to stamp out mutants.

Re:

[Sulphur]

> Covielo trod on the toes of privacy proponents' toes

Toes with toes. It is right to stamp out mutants.

Sounds like a bumper crop of toe jam, and podiatry bills.

Private entities?

[Anonymous Coward]

You mean the ones that have raped our environment and loaded our food with HFCS?

Listen Art. I don't know you, but I probably trust you. I trust you as an individual. There's a good chance if our paths cross you wouldn't harm me, physically or otherwise. Like any person you have your ideas and opinions which you're entitled to express. Again, in this I trust you. You can be right or wrong but ultimately I can choose to disregard what you say and protect myself in the event that you're dangerously ignorant. U

Re:

[icebraining]

Now, you want me to believe private enterprise can help protect my privacy? That's going to be a tough sell. Private enterprise has given us a lot of really cool stuff. We've also payed a pretty heavy price for it. That's because the goal is rarely "Let's design product/service X to benefit people" but "What product/service can we design to pull maximum profit".

Your first goal is to convince me that private enterprise can do something altruistic.

But nobody honest can argue that. The question is, how can we make sure that the way for the private enterprise to maximize their profits is to design products/services to maximize people.

Re:

[icebraining]

*benefit people, not maximize.

Re:Maximize People

[TaoPhoenix]

Unfortunately, Fast Food has designed itself to Maximize People to maximize profits.

Re:

[icebraining]

Regulations are not a panacea, due to regulatory capture [wikipedia.org] and unintended consequences.

Where Is It Written?

[guttentag]

Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother?

• In the facebook operations manual [slashdot.org]
• In the cookies file on every computer that connects to commercial Web sites (no link required, self-evident)
• In the training manuals at police departments that use license plate readers [slashdot.org]
• In the pages of the New York Times [slashdot.org]
• The California District Attorneys Association's training seminar materials [slashdot.org], Embassy Suites, Napa, CA

The real paradox here is that as Executive Chairman of RSA, Covielo has a responsibility to know where it's written that if company X has access to your data it will be exploited. However, as Chairman of a company, he has a responsibility to deny that companies cannot be trusted. This conflict of interest means that his public statements will always be somewhat... ah, what's the word? Oh, yeah, cryptic.

trod on the toes of privacy proponents' toes

[fredrated]

toes have toes?

Re:

[eriqk]

Sure they have they have they have.

do toes have toes?

[Mister Liberty]

or am I toast?

Art C should really stop doing that to his wife

[WillAffleckUW]

I mean, seriously, it's pretty sick.

I'll upload the video if you want, but it's fairly twisted. ... oh, you meant the privacy of Serfs, not YOUR privacy, Art?

Next time be clearer.