
KPMG partner calls for privacy protection


KPMG partner Stephen Bonner gave a bravura performance at Tuesday's BSides London conference that involved him wearing makeup, wigs and an electric shock device in the cause of protesting against our lack of privacy.


Past surveys have shown that the security community is less shocked than the general public at the ‘Snowden revelations’, but Bonner told the BSides audience that there is almost no way to protect people's privacy in the physical space and “no effective way to protect yourself online.” And rather than take the attitude ‘get over it’, he urged security professionals to “stand up and do something about it.

“Start making tools that make a difference. Because privacy is an important principle for all of us.”

Bonner's initial appearance in a shirt and tie gave no clue to the eccentric - and massively well-received - presentation that followed.

He launched in by saying: “I sometimes get angry. I sometimes rant. I tell people off in a rude and offensive way because I really care about this subject. For me the basis of our entire democracy is based in privacy. The idea that we have a private ballot is key. Privacy is a fundamental human right, right up here with the right not to be a slave, with the right not to be tortured.”

Bonner then talked his audience through the threats to both physical and online privacy. Physically, he illustrated the pervasive nature of CCTV in a demo which involved him getting an electric shock every time a CCTV camera was seen.

He ran through ways to circumvent CCTV, as well as facial recognition technology (hence the makeup and wigs), and showed a video of what happens when someone wearing a balaclava walks into a bank to try and open an account (they are variously thrown out, wrestled to the ground and the police called).

The point of his presentation was there were no workable solutions to this surveillance – and the next step, the Internet of Things (IoT), takes the threat one stage further, he said.

“The Internet of Things provides a level of tracking that's unprecedented. That means that the adversaries don't even need to deploy cameras, people choose to carry their own things that record what they're doing and broadcast their position,” he said.

Again Bonner highlighted the difficulty of finding a workable solution to combat this, including a serious MIT research paper that looked at the (successful) use of tinfoil to block signals coming in and out of electronic devices.

He went on to consider the online privacy threat, and the solutions that the security community have so far developed. He considered using the Tor network for private communication (“a great idea”), but highlighted one crucial problem.

“Nobody uses it. So if you are the US Government, one of the easiest ways to identify targets is if they use Tor.”

Bonner also looked at PGP email encryption (largely unusable), using a secure Blackphone (“the user is saying please hack me”), VPNs (“brilliant if you want to use iPlayer on holiday but that's about it”), and the Lavabit private email system (“don't use any service that Edward Snowden uses”).

He concluded: “There's no effective way to protect yourself in the physical space except tinfoil and there's no effective way to protect yourself online.”

To prove his point that no privacy solutions so far work, Bonner confided: “I was speaking to someone who works on an offensive nation-state team that looks into breaking into things for the nation that they work for. He explained that there is nothing he can't break into.”

And while solutions like the Blackphone might provide individual security, Bonner said this is not enough. “Privacy should not be limited to a select few handsets for individuals who have something to hide. Privacy should be the default for all.”

He told his audience: “We're building a world in which we're building electronic systems which are not constrained by morals. We're building an infrastructure that monitors everything we do.

“It seems like something worth being worried about. Maybe we shouldn't build a massive surveillance infrastructure not only because bad people might get access to it but particularly because the coming AI (artificial intelligence) apocalypse is going to get access to it.

“Currently we don't have any privacy. It's not ‘get over it’, it's ‘stand up and do something about it’. Start making tools that make a difference. Because privacy is an important principle for all of us. The answer is not building private solutions, but building privacy into all our solutions.”
