RSA 2014: Bruce Schneier – Privacy Has Not Been Lost To The NSA

Don’t feel futile, the Internet can be saved, according to cryptography luminary

There are ways for people to win back their privacy from global intelligence agencies, largely by making bulk collection of data economically unviable, encryption luminary Bruce Schneier told delegates at the RSA 2014 conference today.

This would be doable by placing secure encryption in places where it currently does not reside, from vulnerable mobile applications to people’s hard drives.

“Encryption frustrates the NSA at scale,” he said. “Our goal should be to leverage economics, physics and maths to make the Internet secure, to make surveillance more expensive.

Bruce Schneier Wikimedia Commons“It is easy to feel futile but there is a lot we can do here.”

Don’t give in to the NSA

Schneier, who is now chief technology officer at Co3 Systems, also called for a new internet governance body. “We need to figure out governance in a world that no longer trusts US benevolence.”

He pointed to a number of positive outcomes of the Edward Snowden revelations, one being that commercial companies now fear working with intelligence bodies due to the potential reputational damage.

It’s also clear encryption works, as it makes the NSA’s mass collection far more difficult. Within government changes could be afoot, largely because it is unclear whether the surveillance is actually providing any benefit. “A lot of it is voyeurism,” he added.

“The NSA’s mission is to collect everything, that is the way you have to think about it… While the Snowden docs have given us an extraordinary insight, they are really about what any other nation state will do.

“We have built an insecure internet for everyone. We have enabled the panopticon.”

Yet it will take between 15 and 20 years to reverse the damage done, producing an internet that is secure, Schneier said.

Earlier today, speaking to TechWeekEurope, he expressed sympathy for RSA, which has faced criticism over allegedly allowing a backdoor in its code following a $10 million payment from the NSA. RSA has denied the allegations.

Are you a security expert? Try our quiz!