RSA chief and privacy groups at loggerheads over access to citizens’ data
RSA executive chairman Art Coviello has criticised privacy advocates for basing their arguments on “dangerous reasoning”, comments that have already earned him a tongue lashing from Big Brother Watch and the Open Rights Group.
Coviello, whilst noting the need for privacy, lambasted privacy groups’ “knee jerk” reactions to public and private sector attempts to improve people’s security, pointing to the “insanity” of the situation, in a keynote to open the RSA 2012 conference in London this morning.
In Coviello’s view, privacy advocates are over-reacting to measures designed to protect online identities, preferring to live in a world of danger: “Because privacy advocates don’t realise that safeguards can be implemented, they think we must expect reasonable danger to protect our freedoms,” Coviello said.
“But this is based on dangerous reasoning, a knee jerk reaction, without understanding the severity and scope of the problem.
“Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother.”
Privacy advocates hit back
Coviello did not point to any specific instances of over-reaction, but he was speaking in London, where the debate around the Communications Data Bill has brought the debate of security versus privacy to the fore. That proposed legislation would require ISPs and other communications providers to open up to law enforcement bodies who would be able to get hold of communications data (including the parties involved, their whereabouts and what time messages were sent), without the need for a warrant.
Privacy advocates were quick to criticise Coviello’s comments this morning.
To “suggest the only way to protect against cyber crime is to sacrifice privacy and civil liberties is absurd,” Nick Pickles, director of privacy campaign group Big Brother Watch, told TechWeekEurope. “It is a simple fact that if data has not been collected, it cannot be stolen, lost or misused. The best safeguard for consumers and businesses is for data not to be collected unless it is absolutely essential, and then deleted as soon as it is no longer required.”
Jim Killock, executive director of the Open Rights Group, added: “Most privacy advocates I know are very keen that industry takes action against digital crimes, including fraud and impersonation. What they are keen to assert is that personal privacy and security is paramount to taking effective action. They tend to emphasise investigation over systemic surveillance to tackle crime as more effective.”
RSA 2012 off to a contentious start
As for why Coviello bashed privacy organisations at RSA 2012 this morning, Brian Honan, IT security expert at BH Consulting, suggested security companies and governments were after as much data as they could get their hands on.
Much of Coviello’s keynote focused on the need for intelligence-driven security, which relies on security companies getting hold of as much data as possible, to feed into analytics tools and SIEM (security information and events management) systems, like those that RSA sells.
From the vendors’ and governments’ perspective, security and privacy do not always complement each other, said Honan, who disagrees that people should forego privacy for the sake of security.
“Security and privacy are not easy bedfellows,” he told TechWeekEurope. “But as citizens of the world we have a right to privacy. That is there to protect us from abuse by corporations and by governments.
“A knee jerk reaction to a security issue in surrendering our rights is not the thing to do. We need to protect ourselves, so we need to look at how we do that in a civilised way.
“I have no problem with allowing law enforcement to access that data but under strict conditions, under court orders with the right controls.”
Are you a security guru? Try our quiz!