Anonymity is the enemy of privacy, says RSA grand fromage
There's only one letter between RSA and NSA, after all
RSA Europe 2013 A dogmatic allegiance to anonymity is threatening privacy, according to Art Coviello, executive chairman of RSA.
Coviello cast anonymity as the "enemy of privacy" because it gives "free reign to our networks to adversaries" with "no risk of discovery or prosecution."
The head of EMC's security division told delegates at the RSA Conference Europe that security and privacy need to be aligned like two poles of a magnet in a trusted environment for internet commerce to flourish.
An imbalance between privacy and security was causing customers decisions to deploy Big Data technologies that could give them a much clearer picture of hacking attacks, Coviello claimed.
"Customers are caught in a Catch-22. They're afraid to deploy technology for fear of violating workers' privacy" even though security intelligence tools are ultimately the best way to protect personal information, Coviello argued.
The security leader's remarks follow on from criticism at the same show last year that privacy concerns were hampering intelligence-sharing efforts. The combined pitch caused one French wag to note that there's only one letter of difference between the NSA and RSA.
Mindful of such unflattering comparisons, Coviello admitted Big Data systems could be "misused”. He said: "Big Brother, ethics aside, will stifle innovation.”
Anonymising services and technologies that offer anonymity, such the Tor network and VPNs, have been in the news recently because of law enforcement action and intelligence agency leaks. Coviello's line was a controversial one to peddle to European audiences in the wake of the latest Snowden revelations, which put figures on the extent of NSA's dragnet spying on the phone calls of French, German and Spanish citizens.
"Many privacy advocates hold the polar opposite view to Coviello, believing anonymity online is a fundamental ingredient for online privacy," writes security consultant and blogger Dave Whitelegg. . "Art's perspective also highlights the difference in attitudes towards privacy harboured between the United States and Europe,” added Whitelegg. “The European Union was built on its citizens' rights, including the right to privacy, a right the EU wishes to see exercised online, whereas the US view tends to be 'privacy is dead', believing the right to online privacy has been given up and the privacy fight lost."
Less controversially, Coviello added that security industry needs to act less like a police headquarters that simply responds to attacks and more like beat cops who know their environment and can recognise and respond to anomalies. Big Data technologies were key moving away from a purely reactive security model to an intelligence-driven approach.
“When we understand the context of people’s ‘normal’ behaviour or how information flows on our networks, we can more clearly and quickly spot even a faint signal of any impending attack or intrusion, ” Coviello explained, “This is what makes intelligence-driven security future-proof. It eliminates the need for prior knowledge of the attacker or their methods.” ®
Sponsored: Global DDoS threat landscape report