Skip to Content

Safety by breaching security and privacy – What’s new?

Sogeti Labs
September 23, 2013

Security-imageTo be safe means to know everything that security measures and personal privacy could possibly hide. In the wake of Edward Snowden’s digital espionage and warfare revelations, we recently learned that RSA Security – of all companies – is now officially warning that the random generator Dual_EC_DRBG from its BSAFE security and encryption library package is a liability to say the least. Thousands of commercial products are based on Dual_EC_DRBG that is part of the required U.S. Federal Information Processing Standards (FIPS). Ironically, on the privacy side FIPs stands for Fair Information Practice Principles. These FIPs are the result of the U.S. Federal Trade Commission’s inquiry into the manner in which online entities collect and use personal information and safeguards to assure that practice is fair and provides adequate information privacy protection. Nothing new On March 1, 2012, at the In-Q-Tel CEO Summit, CIA Director David Petraeus already spoke frankly of what the rest of us only began to amaze when Snowden in June 2013 started revealing covert digital intelligence operations. Fourteen months before, Mr.Petreaus had said the following: “Within our Directorate of Science and Technology, the operative trait is diabolical creativity. The ingenuity our people bring to our S&T work is world-class, and the value they add to our operations worldwide is immeasurable. We have to rethink our notions of identity and secrecy. In the digital world, data is everywhere. Data is created constantly, often unknowingly and without permission. Every byte left behind reveals information about location, habits, and, by extrapolation, intent and probable behavior. The number of data points that can be collected is virtually limitless. Internet of Things to the rescue Exploiting the intelligence opportunities will require a new class of in-place and remote sensors that operate across the electromagnetic spectrum. Moreover, these sensors will be increasingly interconnected. The current “Internet of PCs” will move, of course, toward an “Internet of Things” – of devices of all types – 50 to 100 billion of which will be connected to the Internet by 2020. Whereas machines in the 19th century learned to do, and those in the 20th century learned to think at a rudimentary level, in the 21st century, they are learning to perceive – to actually sense and respond. Key applications developed by our In-Q-Tel investment companies are focused on technologies that are driving the Internet of Things. These include: – Item identification, or devices engaged in tagging; – Sensors and wireless sensor networks – devices that indeed sense and respond; – Embedded systems – those that think and evaluate; – And, finally, nanotechnology, allowing these devices to be small enough to function virtually anywhere. Project Vesuvius Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters – all connected to the next-generation Internet using abundant, low cost, and high-power computing – the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing. [In May 2012 Project Vesuvius was revealed.] In practice, these technologies could lead to rapid integration of data from closed societies and provide near-continuous, persistent monitoring of virtually anywhere we choose. “Transformational” is an overused word, but I do believe it properly applies to these technologies. Taken together, these developments change our notions of secrecy and create innumerable challenges – as well as opportunities.”

About the author

SogetiLabs gathers distinguished technology leaders from around the Sogeti world. It is an initiative explaining not how IT works, but what IT means for business.

    Comments

    One thought on “Safety by breaching security and privacy – What’s new?

    Leave a Reply

    Your email address will not be published. Required fields are marked *