Tuesday, January 7, 2014

2014 Prediction – Snowden Disclosures – There’s More to Come

Posted By: Derek Tumulak

Finally, my family is going to want to talk to me about what I do this Thanksgiving.  After years of glazed looks from friends and family members when we all talk about what we do, I’m actually going to have something to talk about that will make them perk up and take an interest.  And I hate to say it, but Edward Snowden is the reason.
Those of us in the IT Security community are all having a case of Snowden fatigue – nary a week goes by without some sort of new disclosure.  It’s reached the point where we’re hearing about it at the dinner table and the coffee shop.  Relatives and friends come to us because we’re the experts in this area. They ask us what it all means, talk about how they feel about the disclosures, and solicit our opinions about what else might occur in the coming months.  It’s reached “mainstream” awareness in a way that we’re really feeling (and often not in a positive way). 
Well, we’d better get ready for a long ride, because this isn’t going to stop anytime soon.  Current estimates are that there were between 50,000 and 200,000 documents in the cache of information that Snowden took with him.  So far, we’ve heard about the reach of the NSA into our private information via PRISM, the phone tapping of leaders of our closest allies, compromised encryption algorithms (not a concern for Vormetric, by the way, see Mike Yoder’s blog entry here), surreptitious mining of core internet properties like Google and Yahoo, stolen digital certificates that open up communications with secure sites to snooping, and more. That said, with such a huge cache of documents, just imagine what’s yet to be revealed.
It’s hard to make accurate predictions about future disclosures, but I think it’s quite possible we will hear about government programs beyond the US via data exchanges at the NSA.  I’d also expect even more US-centric disclosures.  We may well have only seen the proverbial tip of the disclosure iceberg around government access to cloud and other personal data.
Are there likely to be new laws passed as a result of this ongoing drumbeat of news?  Quite possibly, but the most immediate response is likely to be requirements for much better visibility, specifically, transparency around the circumstances under which these government capabilities may be used, and what sorts of information they may access.  If additional laws do get passed, I think we’ll see them first appear in Europe, and my money is on Germany.  Although many of our allies there are incensed by the depth and breadth of US government spying within their borders, I’d expect Germany to be in the lead because of their existing strong legal and policy bias toward staunchly protecting the privacy rights of citizens.
Another near-term response I’d expect is that organizations will take a long, hard look at their use of cloud services, deciding whether or not they need a different approach. Are they worried about government agencies accessing their information?  What information do they really care about keeping private? Or, is this media circus simply not a big concern for them?
No, I don’t have a crystal ball, but I believe we’re going to keep seeing more news on this topic in 2014. And, for those of us working in IT Security, we’re definitely going to get far fewer glazed looks over the dinner table next week. I, for one, am truly thankful for that. 
