Update: Thanks again to Nandini Jolly of CryptoMill Technologies Inc. and Laura Tribe of Open Media, and all other participants of our Twitter chat today. The recap with some of the most interesting points have been added to the story below.
If 2015 was the year of the hack, then 2016 is the year privacy and encryption squared off against national security.
We saw it with Apple’s dispute with the FBI over creating backdoors on its iPhone devices, then we saw it with BlackBerry’s compliance with the RCMP in giving the latter its global encryption key for its consumer devices. Now we are seeing it with U.S. Supreme court giving the FBI more hacking powers, potentially to go cross-border.
It’s hard to imagine that in the span of months, all the world’s data suddenly seems to be up for grabs.
At IT World Canada, we want to have a discussion around the future of data and privacy. When companies and governments can simply demand or hand over data on a whim, is there a purpose to encryption? What becomes of data sovereignty now that cross-border hacking is state sanctioned?
The May 31 chat included following guest experts:
Nandini Jolly is the founder and president of CryptoMill Technologies Inc., an enterprise data security solutions provider.
Jolly develops security solutions to tackle threats to corporate information. She’ll be taking part in the chat with the @cryptomill account. |
|
Laura Tribe is a digital rights specialist for OpenMedia, a Canadian non-partisan, non-profit organization that supports net neutrality, open government, privacy and other civil liberties.
Tribe has a background in human rights and information communication technologies. Follow her on Twitter at @ltribe. |
|
Join us on Tues. May 31, from 1 to 2 p.m. ET. We’ll be using the hashtag #ITWCchats.
If this is your first time participating, check out this video on how to take part in a Twitter chat. The questions are listed below, so feel free to join in with your own answers. See you there.
Q1. What is your reaction to revelations of BlackBerry giving the RCMP the encryption key to its consumer devices? #ITWCchats
A1. Also surprised that a master key even existed. If you own the data, you should own the key. #ITWCchats
— CryptoMill Cybersecurity Solutions (@cryptomill) May 31, 2016
It's critical that this master key was revealed, so we can have a public conversation about how this should be managed in future. #ITWCchats
— Laura Tribe (@ltribe) May 31, 2016
and to hear they used it to access 1 million accounts. that's pretty significant #ITWCchats
— Brian Jackson (@brianjjackson) May 31, 2016
Q2. What were your thoughts on how BlackBerry responded when these revelations were made public? #ITWCchats
A2. If the court documents were not made public, we would never have known. Why would BlackBerry hide it if it was a good thing? #ITWCchats
— Dave Yin 殷大伟 (@yindavid) May 31, 2016
Assurances and communication from BB and RCMP should have been forthcoming. #ITWCchats
— CryptoMill Cybersecurity Solutions (@cryptomill) May 31, 2016
A2. I thought John Chen (one of my favourite execs) was not at his finest in handling the revelation BB had turned over data. #itwcchats
— Jim Love (@CIOJimLove) May 31, 2016
Q3. Is there something Canadian about how BlackBerry & Rogers complied with RCMP vs how Apple publicly refused FBI backdoor? #ITWCchats
Also worth noting that in Canada, Rogers and Telus put out transparency reports. Bell does not. #ITWCchats @brianjjackson
— Laura Tribe (@ltribe) May 31, 2016
A3. Apple shared iCloud backups with the law, so in fact Apple complied too. #ITWCchats
— CryptoMill Cybersecurity Solutions (@cryptomill) May 31, 2016
Companies do step up. 150+ businesses spoke out against the #C51's overreaching surveillance. https://t.co/rlh0nf1NRb #ITWCchats @yindavid
— Laura Tribe (@ltribe) May 31, 2016
Q4. Are we, in 2016, at a tipping point where public/businesses/regulators must directly address boundaries of security vs privacy? #ITWCchats
We're seeing cell phone tower dumps, and tech like Stingrays being used to access as much data as possible. #ITWCchats
— Laura Tribe (@ltribe) May 31, 2016
I agree-otherwise there's no teeth yet some provinces have teeth, others don't. Are all Cnds equally protected? #itwcchats
— Lee Anne Davies (@agenomics) May 31, 2016
In 2016, it's hard to imagine a privacy commissioner's job is anything other than the internet #itwcchats
— Dave Yin 殷大伟 (@yindavid) May 31, 2016
Q5. What, to you, is reasonable access to data by government or law enforcement? What checks & balances are needed? #ITWCchats
Top 3 steps to reasonable government access:
1) Require A Warrant
2) End Mass Surveillance
3) Embrace Accountability #ITWCchats— Laura Tribe (@ltribe) May 31, 2016
Keys should be under the control of the individuals and organizations that own the data.#ITWCchats
— CryptoMill Cybersecurity Solutions (@cryptomill) May 31, 2016
A5. Warrants for individual users, not whole technologies #ITWCchats
— Dave Yin 殷大伟 (@yindavid) May 31, 2016
Q6. How could law enforcement minimize harm? I.e. target individual users of devices/servers/data centres vs. manufacturers? #ITWCchats
Giving more power to the privacy commissioner and the office to be effective watchdogs. #ITWCchats
— CryptoMill Cybersecurity Solutions (@cryptomill) May 31, 2016
If and when additional citizens are caught up in surveillance, there need to be clear guidelines for data handling and retention #ITWCchats
— Laura Tribe (@ltribe) May 31, 2016
A6. Perhaps it could limit harm by having some sort of citizen oversight of this process. #ITWCchats
— Brian Jackson (@brianjjackson) May 31, 2016
Q7. Should there be a distinction made between handling consumer data and corporate data, as BlackBerry has done? #ITWCchats
The culture needs to be customers owning their own data, not cloud/technology providers or governments #ITWCchats
— Dave Yin 殷大伟 (@yindavid) May 31, 2016
https://twitter.com/Ryan1Patrick/status/737703268164481025
A7. No, it's possible to design system such that individual consumers have same privacy & security assurances as corporate users. #ITWCchats
— CryptoMill Cybersecurity Solutions (@cryptomill) May 31, 2016
Q8. Are governments sending the wrong message by sanctioning hacks? I.e. that encryption is becoming irrelevant? #ITWCchats
In other words, gov sanctioned hacks would have direct impact on technology adoption innovation #ITWCchats
— Dave Yin 殷大伟 (@yindavid) May 31, 2016
A8 Totally. #ITWCchats pic.twitter.com/5zl5kOvY1P
— Wolston Lobo (@WolstonL) May 31, 2016
Always a relevant XKCD comic. #ITWCchats pic.twitter.com/vO9KrzYbUS
— Dave Yin 殷大伟 (@yindavid) May 31, 2016
Q9. Should our or other governments raise data sovereignty concerns over US Supreme Court enabling FBI cross-border hacking? #ITWCchats
… we are better off to put strong technologies in place ourselves than to rely on other countries to act in our best interest. #ITWCchats
— Laura Tribe (@ltribe) May 31, 2016
A9. Any FBI investigation outside the US should have local government consent & involvement. #ITWCchats
— CryptoMill Cybersecurity Solutions (@cryptomill) May 31, 2016
One of the best things that the Cdn govt can do to protect us from FBI, etc is to ensure legal protections for strong encryption #ITWCchats
— Laura Tribe (@ltribe) May 31, 2016
Q10. How should businesses act in the absence of clear legal boundaries in terms of client encryption, compliance, or advocacy? #ITWCchats
Companies can be a critical force to clarify those grey areas by speaking up and demanding clarity. Not just complying by default #ITWCchats
— Laura Tribe (@ltribe) May 31, 2016
.@itworldca companies get sold, merged, bankrupted, etc. We cannot rely on companies-needs to be at privacy commissioner level #ITWCchats
— Lee Anne Davies (@agenomics) May 31, 2016
.@yindavid We also need to 'recruit' national certifying bodies such as CIPS to step up to the privacy challenge #ITWCchats
— Lee Anne Davies (@agenomics) May 31, 2016