Phil Zimmermann: Privacy Protection Just As Important As Security For Businesses

PGP creator tells TechWeekEurope companies should take privacy protection seriously and argues law enforcement is living in a “golden age of surveillance”

Businesses should pay just as much attention to their privacy measures as they to security, according to Pretty Good Privacy (PGP) and Silent Circle founder Phil Zimmermann.

Zimmermann, in London for UC Expo, told TechWeekEurope that the recent Sony hack demonstrated the business case for ensuring the collective privacy of a company and that intelligence and law enforcement agencies were living in a “golden age of surveillance.”

Privacy just as important as security

Phil Zimmermann“Companies have not thought about privacy enough because they tend to think of privacy as a social concept that applies to individuals and they think of security when they think of the corporate context,” he said. “There’s a need for a security in the corporate context but the same kinds of tools that can be used to protect privacy for individuals can also be applied to business.

“The damage done by loss of privacy is well-illustrated by the Sony incident because a lot of individuals’ privacy was violated in that incident. Look at the movie scripts that were stolen from Sony – those should have been encrypted with PGP. The individual emails that violated the privacy of actors  -those should have encrypted.

“I’m sure Sony had firewalls and intrusion detection – the usual kinds of tools that IT departments at big companies have – and yet those kinds of protections invariable fail. In a large enterprise with thousands of workers and thousands of machines – somewhere you can find a way to get in. Individuals can protect their single computer or smartphone with various tools.

WhatsApp is using a form of encryption that’s well designed. [Silent Circle has] a text encryption product, we’re working on improving that. It’s possible to make good end-to-end encryption tools that don’t depend on the back end IT systems not being compromised.”

‘Golden age of surveillance’

Zimmermann said the exposure of mass surveillance programmes by Edward Snowden had made many people aware of the value of privacy, but said he wasn’t sure if this was true of the entire population. He cited a recent segment on the Last Week Tonight with John Oliver programme on HBO in the US, in which many people interviewed on the street did not know who Snowden was or had misconceptions about this activities.

Eye spy surveillance security, biometric retina iris © agsandrew ShutterstockEuropol chief Rob Wainright, the FBI and Prime Minister David Cameron are among those critical of encryption, arguing that that increasing adoption is thwarting the ability of security forces to uncover terrorist plots and other crimes. Cameron has even called for an encryption “back door” to be made available to governments, but even ignoring the technical aspect of such a suggestion, Zimmermann said it the authorities have never had it so good.

“They’re complaining encryption interferes with law enforcement but people in the intelligence and law enforcement are enjoying a golden age of surveillance,” he said. “There’re millions of cameras across the UK, in the US and all over China and these have facial recognition so you can track individuals as they walk down the street.

“All this data is fused together. They have such a breath-taking ability of pervasive surveillance. They’re complaining about a few missing pixels on the big screen.

“I think it’s crazy to deny everyone access to strong encryption just because bad guys can use it. Bonnie and Clyde would rob a bank and jump into their cars and drive very fast across state lines. The police were unprepared for that kind of behaviour. The police at that time were calling for smaller gas tanks to be made in cars and some even said people shouldn’t be allowed to purchase cars at all.

“All kinds of technologies can be of benefit to criminals. The 9-11 hijackers purchased handheld GPS receivers because the navigation systems on the aircraft were able to navigate to airports but not the World Trade Centre or the Pentagon.

“Should we stop selling GPS receivers so hijackers can’t buy them? Should that be our response? I don’t think so. The whole of society and the economy benefits from portable GPS receivers.”

Justification of mass surveillance

But if mass surveillance saves lives, can it ever be justified?

“I don’t know, but is it worth it?” he said. “Can the information can be gleamed in other ways or can situational awareness be maintained about terrorism using human intelligence? You have to look at the overall cost to society.”

Blackphone 2Of course encryption only protects the content of calls, not the data. Many governments around the world, including Australia and the US, require service providers to maintain records of the ‘metadata’ of communications, while Police in the UK can access such information through the Regulation of Investigatory Powers Act (RIPA).

“Traffic analysis is very difficult to protect against” said Zimmermann. “It keeps track of who you’re calling, how long you were talking for and when you were talking to them. Even if they can’t wiretap the content of the call, the rest of the information is still there.”

Zimmermann has also been heavily involved with the creation of the Blackphone, a privacy-oriented smartphone that uses the custom PrivatOS to encrypt communications. A successor to the device has been announced, as has the first Blackphone branded tablet, and demand for the handset has apparently been high.

“We expect that one to be very popular,” said Zimmermann. “We’re getting a lot of interest from enterprises about it. One of the reasons why we built the Blackhpone is because in all my years in crypto, people have often asked the question ‘Is this NSA-proof?’ It is possible to make good crypto protocols but you’re always at risk on the platform you’re running on. We thought the best way was to build the protections into the platform.”

Are you a security pro? Try our quiz!