RSA Boss Angers Privacy Advocates

judgecorp writes "RSA boss Art Covielo trod on the toes of privacy proponents' toes at London's RSA 2012 show, by accusing them of faulty reasoning and over-stating their fears of Big Brother. By trying to limit what legitimate companies can do with our data, privacy groups are tying the hands of people who might protect us, he says. 'Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother.' Ever-outspoken, he also complained that governments and cyber-crooks are collaborating to breach organisations with sophisticated techniques. In that world, it is just as well vendors are whiter than white, eh?"

"Protect us" is in the eye of the beholder

[crazyjj]

It's hard to criticize his opening remarks, as he was so vague and rambling (even if you RTFA, it's difficult to tell who exactly he's criticizing or what's he's proposing as an alternative). I would say this though: any company or entity that HAS information is always at risk of abusing it. Some entities are more likely than others to abuse it, but even the most conscientious of companies/agencies is made of up individuals. And individuals have been shown time and time again to be inconsistent and unreliable when entrusted with power and information (I believe Penn & Teller once did a delightful demonstration of that on Bullshit). The best solution is always to keep other parties from getting your information in the first place, as much as it is feasible (not to the point of paranoia, but enough to make reasonably sure that you're not just opening your zipper to someone else either).

But I do certainly agree with him that "governments and cyber-crooks are collaborating." That's almost a "no shit" assertion. China, the U.S., Russia, and Israel are almost certainly doing this (likely Iran, Turkey, the UK, etc. as well). But this is hardly anything new. Intelligence agencies have been cooperating with and utilizing criminals and lowlife types since the beginning of civilization. It's hardly breaking news that they would be doing this on the cyber-front as well.

Re:"Protect us" is in the eye of the beholder

[fustakrakich]

It's not merely a 'risk' that they will abuse it, it's a given, if they think they can get away with it. This applies to all forms of power/authority. I prefer total transparency, but we must strongly restrict how information is used against us. This would be the major problem.

Re:"Protect us" is in the eye of the beholder

[HPHatecraft]

It's hard to criticize his opening remarks, as he was so vague and rambling (even if you RTFA, it's difficult to tell who exactly he's criticizing or what's he's proposing as an alternative).

Glad that someone said it. I had a difficult time comprehending the article -- it was poorly written.

The best solution is always to keep other parties from getting your information in the first place, as much as it is feasible (not to the point of paranoia, but enough to make reasonably sure that you're not just opening your zipper to someone else either).

People are remarkably plastic with ethics and morals -- it seems sometimes that no one is willing to consider: "would I want this done to me? Therefore, I shouldn't visit x upon this (person|group|etc)." This has something to do with distance and depersonalization of the victims -- "It's just their name, address, primary email, and credit card purchases from 2010. It's not actually hurting anyone." Also, mentioning the Milgram and/or Stanford experiments here seems appropriate; the company policy is sell personal information, so individuals who would normally not behave this way do because of various pressures. So, yeah, by all means do not rely on the decency and goodness of others to "do the right thing", and protect your privacy. It makes for a crummy, cynical world, but what can you do?

Re:"Protect us" is in the eye of the beholder

It's not merely a 'risk' that they will abuse it, it's a given, if they think they can get away with it.

Thank you; with that sentence, you just flung yourself headlong from "reasonable argument", which the GP was promoting, straight into "paranoid conspiracy theorist whackjob". I'm glad you went there, because otherwise we might be able to maintain some momentum whenever we get small portions of the general populace legitimately concerned about privacy. But now, thankfully, they've got another nifty soundbite they can point to and say, "Why should we listen to them? They're just a bunch of paranoid wackos who think everyone's out to get them!". Good job! I mean, that WAS your goal, right? Your type seems to be working so hard towards it, after all.

Re:"Protect us" is in the eye of the beholder

[Voyager529]

It's not merely a 'risk' that they will abuse it, it's a given, if they think they can get away with it.

Thank you; with that sentence, you just flung yourself headlong from "reasonable argument", which the GP was promoting, straight into "paranoid conspiracy theorist whackjob".

That entirely depends on how you each define 'abuse'. If Acme Marketing Firm has data about me and 50,000 other people to provide aggregate statistics and trend analyses, and they sell those stats and trends (or a product or service derived therefrom) to Foo Soft Drinks, but have not gained my consent to do so, is it abuse?
If Slim Shifty's Facebook-Got-Nothing-On-My-Info service has enough data on me to sell an individual marketing profile to Foo Soft Drinks as to how Foo can best sell their sugar water to me personally based upon my eating and shopping habits, is *that* abuse?

It is paranoia to have a reaction to Acme's use of my personal data, based upon how it is used, if that reaction is similar to how Slim Shifty uses that data. It is folly to have the opposite reaction to the opposite use of data.

What the GP is saying is that if a company can get away with selling data on top of whatever products and services they offer, it'd require either companies acting on principle, or companies acting upon fear of litigation to prevent them from doing so. Effectively, you're asking them to turn down free money, and those are the only two reasons they would do so.

Re:"Protect us" is in the eye of the beholder

[fustakrakich]

Sorry, all the studies, and history itself, have already confirmed my point. Authority must be watched closely and challenged often, or it will go berserk, as it has 100 percent of the time, without fail. It's just a simple fact of nature. Feel free to point to any evidence that proves otherwise.

Re:"Protect us" is in the eye of the beholder

[Jane+Q.+Public]

"It is paranoia to have a reaction to Acme's use of my personal data, based upon how it is used, if that reaction is similar to how Slim Shifty uses that data. It is folly to have the opposite reaction to the opposite use of data."

The problem is that it doesn't work that way.

As the Yahoo data dump showed many years ago, there is no such thing as "anonymous" data. Even if Company A "properly" anonymizes their data, when they sell it, Company B can put it together with other "anonymous" data, and use algorithms to pinpoint just exactly who you are, where you live, etc.

So don't be so quick to chastise people for being "paranoid". Their concerns are real.

Re:"Protect us" is in the eye of the beholder

let me rephrase that soundbite into a more famous form:

"power corrupts"

I have yet to meet somebody who disagrees with that, and in any case history provides plenty of examples (historically it's a simple observation that any powerbase that exists long enough is sooner or later abused, and usually sooner)

Advice from your mom.

[bmo]

"But mooooom! The other kids are stealing information too!"
"If the other kids all jumped off the Tappan Zee, would you?"
"No, but mooom, it's not faaaaaaaaaaair!"

--
BMO

Edit summary, please.

[E.+Edward+Grey]

I read this summary three times and I'm still struggling to figure it out.

Re:Edit summary, please.

[bmo]

He's upset that the government and criminals just willy-nilly ignore privacy advocates, while privacy advocates hold his company's feet to the fire on privacy rights.

Because his company should be allowed to be just as crooked as the governments and criminals.

It's all so much schoolyard whining and toddler mentality.

--
BMO

Re:Edit summary, please.

Try going to the secondhand source instead of the thirdhand.

Coviello, whilst noting the need for privacy, lambasted privacy groups’ “knee jerk” reactions to public and private sector attempts to improve people’s security, pointing to the “insanity” of the situation, in a keynote to open the RSA 2012 conference in London this morning.

In Coviello’s view, privacy advocates are over-reacting to measures designed to protect online identities, preferring to live in a world of danger: “Because privacy advocates don’t realise that safeguards can be implemented, they think we must expect reasonable danger to protect our freedoms,” Coviello said.
  “But this is based on dangerous reasoning, a knee jerk reaction, without understanding the severity and scope of the problem.
“Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother?”

A better summary: RSA guy annoyed that privacy groups oppose lots of ideas as Orwellian before analyzing the details of any plan.

Re:Edit summary, please.

I read the article two times and there is nothing in it. His complains have been so general, that I have no idea what exactly he complains about. Some privacy advocates oppose something he agree with and the situation is crazy. As he did not told who opposes what, he may be either right, wrong or just randomly rambling.

Re:Edit summary, please.

[fuzzyfuzzyfungus]

It's especially amusing if you remember back to the... entertaining... role that RSA played in the (to the best of my knowledge still unsolved) breach of a number of big name defense contractors. RSA retained copies of all the seeds used to fill RSA fobs shippped to customers, and then got cracked by parties unknown, who were subsequently able to compromise RSA's customers.

He's about the last person in the world who should be opening his mouth about how companies keeping more information on us can make us safer...

Re:Edit summary, please.

[wonkey_monkey]

Once again (and I'm sure I'll get jeered at and have potatoes thrown at me for daring to suggest this) a brief explanation of an initialism would have helped.

RSA is both the name of a network security firm and the name of a security conference that they run.

Re:Edit summary, please.

The problem with such circular logic is that pretty soon you are spin dizzy! You aren't supposed to "figure it out". You are supposed to say "Well, more intelligent people than I say it is ok, so it must be!"... :rolleyes:

Re:Edit summary, please.

[bluefoxlucid]

Companies aren't whiter than white? You mean they're little black kids that steal your bicycle?

Re:Edit summary, please.

[bluefoxlucid]

What attempts to improve peoples' security are we talking about here? Long-term data retention and warrantless police review of the data? 'cause that's pretty bad.

Also the 'details' are often not the whole story. Additional 'details' are secret or creep in--like the license plate cameras being used to find stolen cars. Those are also being used to build databases of where people are, which are cross-referenced with speed limits and time, determining that person X got 5 blocks really fast so must be speeding. (Yes, the police are databasing where non-stolen cars are, but "only to give speeding tickets," when the cameras were put there "only to find stolen cars").

People are more afraid of what's not being said and of demonstrated pattern behavior. Basically we're afraid of the Kazi.

Re:Edit summary, please.

/lobs potato

Re:Edit summary, please.

[fnj]

A better summary: RSA guy annoyed that privacy groups oppose lots of ideas as Orwellian before analyzing the details of any plan.

Your summary is at least typo free, grammatical and intelligible, but it still doesn't convey WTF he was talking about any more than the original summary did. Can't anyone sum it up informatively in two sentences?

Re:Edit summary, please.

[Ol+Olsoc]

/lobs potato

Remember - when at the beach, the potato goes in the front of your Speedo's, not in the back.

whiter than white, eh?

Summary from the Great White North

Re:whiter than white, eh?

No one expects the Canadian inquisition. At least not until they see "eh".

Your strawman, I see it.

[HeckRuler]

Where is it written that cyber criminals can steal our identities...

It isn't..... that's illegal. If we catch you doing that you go to jail. But it's kinda hard to catch people doing that. It's called criminal enterprise. We will not allow corporations to openly be criminal enterprises. The rule of law persists, and if you break the law we will break you.

Re:Your strawman, I see it.

[vlm]

We will not allow corporations to openly be criminal enterprises. The rule of law persists

Yeah thats fine in Europe, but in America it isn't so, and coincidentally most of the complainers he's complaining about are in the USA.

So whats your solution when govt/corps have merged, there are no laws for the rich, laws are meant to be purchased, the govt does not represent the people, etc?

Re:Your strawman, I see it.

[drinkypoo]

So whats your solution when govt/corps have merged, there are no laws for the rich, laws are meant to be purchased, the govt does not represent the people, etc?

Open Source, peer-reviewed encryption algorithms that, preferably, don't belong to a specific corporation. An emphasis on personal freedom and responsibility. The first amendment, and the second. Barter. Strategic agreements. Handshake deals. And in general, making an end run around the system wherever possible.

Re:Your strawman, I see it.

[interval1066]

Right. Guess which side of all that Mr. Covielo would come down on...

Re:Your strawman, I see it.

[thePowerOfGrayskull]

I *think* he was going for something along the lines of this tautology: "if all guns are outlawed, only criminals will own guns".

Re:Your strawman, I see it.

[bluefoxlucid]

Would you be behind an upgrade to Cyanogenmod to negotiate encryption over voice connections based on PKI?

Re:Your strawman, I see it.

[jd2112]

...and when marriage is outlawed only outlaws will have in-laws.

Editing required.

""RSA boss Art Covielo trod on the toes of privacy proponents' toes at London's RSA 2012 show, by accusing them of faulty reasoning and over-stating their fears of Big Brother."

The toes of their toes... makes perfect sense!

Re:Editing required.

[LordNightwalker]

Only minor insult then. Not as bad as if he'd trodden on the actual toes themselves. ;)

Re:Editing required.

[Otter+Popinski]

"(now the ears of my ears awake and
now the eyes of my eyes are opened)"

-- e. e. cummings

The toes of my toes are my friend

"Art Covielo trod on the toes of privacy proponents' toes"
Really? I know the editors here don't actually edit, but even this one seems silly. Unless privacy advocates have toes growing on their toes.

Re:The toes of my toes are my friend

The toes of my toes are my friend

OTOH, I have five fingers

Privacy challenge, accepted.

[u64]

Ok internet, sounds like we've been challenged to dig up everything about Art Coviello.
physical address
family members
list of friends
salary
personal history
political leanings
sexual orientation
juicy pictures (plz warn if NSFW. Dat guy looks ugly) ...and so forth.

Everything seems fair game. If you've got something you don't want anyone to know,
then you shouldn't have done it in the first place. eh

Re:Privacy challenge, accepted.

[ae1294]

OK so you're OK with naked pictures of hot guys... That has been added to our criminal crime fighting database. Thank you... Ze RSA

Wieners with wieners even worse

[Impy+the+Impiuos+Imp]

> Covielo trod on the toes of privacy proponents' toes

Toes with toes. It is right to stamp out mutants.

Re:Wieners with wieners even worse

[Sulphur]

> Covielo trod on the toes of privacy proponents' toes

Toes with toes. It is right to stamp out mutants.

Sounds like a bumper crop of toe jam, and podiatry bills.

Private entities?

You mean the ones that have raped our environment and loaded our food with HFCS?

Listen Art. I don't know you, but I probably trust you. I trust you as an individual. There's a good chance if our paths cross you wouldn't harm me, physically or otherwise. Like any person you have your ideas and opinions which you're entitled to express. Again, in this I trust you. You can be right or wrong but ultimately I can choose to disregard what you say and protect myself in the event that you're dangerously ignorant. Ultimately, you're neutral. You're not a threat so some base level of trust is implicit.

However, if you team up with a bunch of other fellow human beings to accomplish a goal that goes right the fuck out the window. The group now has significantly more resources than me and an agenda. History has shown that even altruistically minded groups can cause chaos and danger for the individual and I can't trust that you have the influence to protect against that.

Governments and corporations and unions OH MY!

The funny thing about discourse these days is that everyone wants to point a finger at some group which is corrupt or out of control. Conservatives say government and unions are the problem. Liberals say corporations are the problem, Tinfoil hats say they're all a problem because they are collaborating with the greys. Regardless, the common theme here is that when people group together to accomplish a goal they are subject to human forces of corruption, greed and a lust for power.

I have an interest in living a peaceful life. I'm of the belief that an essential part of ensuring I have a peaceful life is controlling what information about me is out there publically or privately in some database. Today's 'leadership', whether it government or corporate, may be benign but that's no garuntee that tomorrows will be. The last thing I need is a knock on the door because Michelle Bachmann's thought police reviewed the Facebook database they siezed and saw I made some plucky comments about Jesus (and failed to notice I was talking of my gardener, not the carpenter).

Now, you want me to believe private enterprise can help protect my privacy? That's going to be a tough sell. Private enterprise has given us a lot of really cool stuff. We've also payed a pretty heavy price for it. That's because the goal is rarely "Let's design product/service X to benefit people" but "What product/service can we design to pull maximum profit".

Your first goal is to convince me that private enterprise can do something altruistic.

Your second goal is to convince me that Government isn't the answer to my privacy concerns. The cool thing about government is I can vote for representatives. They also have a pretty big stick. My goal is to influence them to use that stick to prevent your enterprise buddies from doing things I disagree with or perhaps to coerce enterprise to do things which are in my interest.

What motivation does Facebook or Google have to purge my data other than regulation?

(of course things are going the wrong way today but that's a different rant for a different time)

Re:Private entities?

[icebraining]

Now, you want me to believe private enterprise can help protect my privacy? That's going to be a tough sell. Private enterprise has given us a lot of really cool stuff. We've also payed a pretty heavy price for it. That's because the goal is rarely "Let's design product/service X to benefit people" but "What product/service can we design to pull maximum profit".

Your first goal is to convince me that private enterprise can do something altruistic.

But nobody honest can argue that. The question is, how can we make sure that the way for the private enterprise to maximize their profits is to design products/services to maximize people.

Re:Private entities?

[icebraining]

*benefit people, not maximize.

Re:Private entities?

We (the people) tell the folks with the big stick who represent us to put regulations into play which further that goal. It's probably easier to start from a base of "If you can't benefit people at least do no harm" than it is to enforce benefit. It's also easier to define objectively where harm begins compared to where benefit is seen.

Re:Private entities?

[icebraining]

Regulations are not a panacea, due to regulatory capture and unintended consequences.

Re:Private entities?

I was right there with you until we got down to what to do about it. Rarely does anybody do anything altruistic. Not corporations, not individuals, not goverments, none of them have your (or my) best interest at heart. Even when it looks like they do they really don't. People are primarily selfish, self serving, egotistical, prideful, greedy bastards. For the most part if someone is doing something to benefit you it's only because that's a coincidence to the benefit that they are going to get. Voting your representive out to be replaced by someone of the same caliber or worse doesn't really fix the problem. They know that and duefully ignore their contituents by and large. They make great speeches around election time, but if you noticed nothing ever really changes. Companies tend to revolve around profit. They try hard to maintain a positive public perception, but at the end of the day it's all about the allmighty buck. If you want to influence corporations then you stop giving them your money. If all providers suck equally then you make the hard choice of living without that product or putting up with whatever it is you don't like. If you want to influence your government... I don't know. Revolution? It's the only thing that really seems to change things. Do I think that's what is needed in the US? Maybe. It's getting close. Regulation can be a good thing, but it can also be non-productive, increase costs to consumers, reduce jobs, waste paper, and otherwise provide less benefit than it gives. Our biggest problem is what we've decided we can't live without. When this country started there was no electricity, no welfare, no machines to do our work for us, no government to turn to for answers. We solved a lot more problems then than we do now.

BULLSHIT!!!

Companies and/or corporations that want my private information ARE cybercriminals! They are trying to collect information that I do not want them to have, so that they can try to show me ads that I do not want to see, for products that I neither want or need. They are doing this (or trying to) using the computer and internet bandwidth that I, NOT THEM have paid for. That makes them no better than spammers to me.

Maybe if the ads were not so obnoxious, trying so hard to distract people from the content that they want to see, less people would use ad blockers. It is also very annoying that many web pages split the content across several pages to be able to display more ads. To me, advertising has become evil, trying to influence people to buy junk that they do not want or need. Trying to make them want junk enough to waste money on it, money most people don't have these days.

Where Is It Written?

[guttentag]

Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother?

• In the facebook operations manual
• In the cookies file on every computer that connects to commercial Web sites (no link required, self-evident)
• In the training manuals at police departments that use license plate readers
• In the pages of the New York Times
• The California District Attorneys Association's training seminar materials, Embassy Suites, Napa, CA

The real paradox here is that as Executive Chairman of RSA, Covielo has a responsibility to know where it's written that if company X has access to your data it will be exploited. However, as Chairman of a company, he has a responsibility to deny that companies cannot be trusted. This conflict of interest means that his public statements will always be somewhat... ah, what's the word? Oh, yeah, cryptic.

trod on the toes of privacy proponents' toes

[fredrated]

toes have toes?

Re:trod on the toes of privacy proponents' toes

[eriqk]

Sure they have they have they have.

It's fairly simple really...

People should opt IN if they want to be tracked. All browsers should have DNT enabled as default, as its in the best interest of the end user. Those that want to give their information, which is far less than those who don't, should have a prompt at installation to disable the DNT.

Of COURSE advertising companies will object. Consumers are just sheep/cattle to these companies. They want to milk consumers for everything they have, and don't want consumers to have to choose to ACCEPT it.

As for ignoring the DNT header, I really hope government gets involved with that one and makes it ILLEGAL to ignore it. Its against the law to tap someone's conversation without their knowledge, it should also be against the law to ignore the DNT header.

You can always be a criminal too!

[grimJester]

Where is it written that cyber criminals can steal our identities...

The actual wording is that if you steal someone's identity you're a criminal. But don't despair! You can choose to do the exact same thing and that would make you a criminal just like the ones you so envy and admire!

Re:Maximize People

[TaoPhoenix]

Unfortunately, Fast Food has designed itself to Maximize People to maximize profits.

do toes have toes?

[Mister+Liberty]

or am I toast?

Art C should really stop doing that to his wife

[WillAffleckUW]

I mean, seriously, it's pretty sick.

I'll upload the video if you want, but it's fairly twisted. ... oh, you meant the privacy of Serfs, not YOUR privacy, Art?

Next time be clearer.

Looks like a secondhand car salesman.

And as trustworthy?