Forget PRISM: Global Cyberchiefs Say They Need to Pry Even Further

  • Share
  • Read Later
Getty Images

The exposure of the PRISM data-collection program might not fall squarely under the heading of the third annual International Cyber Security Conference, which concluded on Wednesday at Tel Aviv University. The secret data-collection program, by which U.S. intelligence agencies routinely vacuum up huge amounts of private communications from Internet users, stands outside the realm of safeguarding the cyberworld from attacks. PRISM is defended as an antiterrorism measure, necessary to detect plots as they are hatched between evildoers communicating with one another online.

But it turns out that, from the point of view of the watchers gathered in Tel Aviv, it’s all about expanding their gaze even further. The chairman of RSA, the digital-security company best known for its password key fobs, made the case for “full visibility into all data” as essential to detecting and thwarting threats to the cyberworld as well. Art Coviello, who is also executive vice president of EMC, which now owns RSA, said computer security is no longer about throwing up a fire wall between a piece of equipment and the outside world. Consumers now move between so many digital devices, and entrust information to the cloud, that the idea of “a perimeter” has been falling apart since 2007. Coviello gestured to zettabytes — four levels up from a gigabyte — to drive home his point that there’s just too much data moving out there to protect on site: understanding, he said, that 1 zetta is equal to 4.9 quadrillion books, the world traffic in data was a quarter of a zettabyte in 2007, but had become 2 zettabytes in 2013 and by 2020 might be 40, or even 60.

(VIDEO: The NSA PRISM Surveillance Program in One Minute)

“The attack surface is great,” says Melissa Hathaway, a former cyberspace specialist for the White House’s National Security Council, noting the profusion of smartphones, tablets, laptops and other devices that eventually will produce what several speakers referred to as “an Internet of things.”

Safeguarding the data that moves among all these things is no long a matter of building walls and more one of learning to spot threats in the massive flow. “Big Data makes an intelligence-driven model viable,” Coviello says. Seeing everything that flows among servers around the globe, he says, “will allow us to spot the faint signal of an attack.” It is the nature of “hacktivism,” or malware, or anyone threatening the orderly functioning of the cyberworld: “Full visibility into all data,” he says, will allow cybersecurity authorities to “spot abnormal behavior in people and in the flow.”

All of this of course requires the trust of the people whose data is being collected and studied, even if only from a distance, as “flow.” In the slide show that accompanied Coviello’s remarks, this small matter was brought home by a particular image: a Rubik’s Cube, shaded gray and blue, and adorned with arrows and labels taking in the areas that needed to be addressed: security management, intelligence, controls. As it happens, an actual Rubik’s Cube figured in the cloak-and-dagger that led to the exposure of PRISM: Edward Snowden, the former CIA and NSA computer specialist who passed on documents to the Guardian and Washington Post, identified himself to Guardian reporters in the lobby of a Hong Kong hotel by carrying a Rubik’s Cube — the ’70s-era puzzle being the geek version of the red carnation in the lapel, apparently.

Snowden has said he exposed the program — and came forward publicly to acknowledge doing so — so that ordinary people would have the information to judge for themselves whether to tolerate PRISM, which U.S. officials had kept secret. For their part, most cyberprofessionals clearly think it’s no big deal. Another of Coviello’s slides predicted that, by 2020, the advance of social media would result in an utter “absence of privacy.” But he also acknowledged that not everyone likes the sound of that.

“Given the reports in the U.S. press recently,” Coviello said from the podium, “we do need to have a better conversation about privacy.”

MORE: PRISM by the Numbers: A Guide to the Government’s Secret Internet Data-Mining Program

33 comments
AART
AART

Today, June 15,  the Wednesday hearing of the Senate Appropriations Committie on Cybersecurity and Surveillance is being streamed on CSpan TV, but can be accessed via the internet.  This stream of the live meeting will be available in the c-span archives for future reference..

AlbertRaymondJones
AlbertRaymondJones

If it walks like a duck,looks like a duck,quacks like a duck then it is a duck.

PRISM looks like an INDUSTRIAL ESPIONAGE SYSTEM. So the rest of the world will need to take action AGAINST THIS!

It is wonderful what supercomputers and data-mining software can do. Who is trying to start another COLD-WAR or WORSE.Expect

smoke and mirrors and other distraction techniques.

TheHeret1c
TheHeret1c

@TIME @TIMEWorld PRISM remind me a dialogue in Game Of Throne. "Lord Varys knows what you eat in yesterday's lunch". NSA are eunuch's birds.

TheHeret1c
TheHeret1c

@TIME @TIMEWorld The story of PRISM sound so similar to Hollywood movie's common portray of the dark US government.

AverageAsianZ
AverageAsianZ

@TIME @TIMEWorld I bet you a beer that the global cyber chief's wife is cheating on him with a nerd....hence all the snooping.

Chad M. Harris
Chad M. Harris

Really? Just how much farther than they pry at this point?

Lorena Ochoa
Lorena Ochoa

Sometimes I feel that someone is watching me. LOL

yfzweig
yfzweig

the problem, the very big one, is that industry itself has secrets, and especially to keep the pace in fostering startups, the prism program and all your talk about complete transparency is utter bull. 

given the human nature, inventions will infallibly be stolen by big money and funneled into hands of their liking. Happened to me with a 100M USD invention. One day I woke up to find a patent I hadn't written, with my invention and a date that pretty clearly showed where it had been coming from.. namely me. Only, go prove it, in a jurisdiction 6000 miles away and with no money.

so, it is not just about "finding the threats to cybersecurity. The very apparatus that should protect me turns against me and crushes my life's work. 

great. 



arvay
arvay

 "Art Coviello, who is also executive vice president of EMC, which now owns RSA, said computer security is no longer about throwing up a fire wall between a piece of equipment and the outside world.

Yes, computer security is not about YOUR security and privacy, you naive little dot on the ground, it's about what we -- the people who own you -- will make it.

So anyone really believe that these "computer security" firms haven't built in "backdoors" to encryption schemes so the people you gotta trust can look in whenever they want? 

Sorry, chumps, you people can never match the Big Bucks we can make from the governments that vacuum up your tax money.

bizsprite
bizsprite

@RSAConference @TIME Old saying- "power corrupts". The more you have the more you want. Cyberchiefs greed is normal result of ignorance.

SpaceCoastLaw
SpaceCoastLaw

@TIME @TIMEWorld Just that one little thing: it's unconstitutional. Also, we face more danger from gun nuts. Also: they couldn't stop Boston