E.U action needed to counter NSA surveillance, says security expert

News by Doug Drinkwater

Mikko H. Hypponen, chief research officer at F-Secure, didn't mix his words when describing the former CIA contractor Edward Snowden and European technology companies in London earlier today.

Speaking during his keynote talk at Infosecurity Europe on Wednesday, Hypponen delved into whistle-blowing in the modern age and - looking at the revelations from Snowden - said that this was not just a case of the US ‘misbehaving'.

“Many of these problems result in the fact that we Europeans have been unable to provide alternative services to US services,” said Hypponen. 


“It's the reason we foreigners keep using US services, even though we know the US has the legal right to access data, to collect and save our emails, and to track the location information on our smartphones.”

“Europe has completely failed in providing competing services,” he added, before noting that even the success stories (Skype and Nokia - now under Microsoft stewardship) get bought up by bigger American companies. To add insult to injury, he continued that some of the top US companies - like Whatsapp and Yahoo - were started by immigrants.

In a talk with SCMagazineUK.com after the event, Hypponen added that Europe is ‘failing to keep the best minds' in the continent, and suggested that a coordinated effort is needed from the European Union to develop ‘crucial' web tools, like search engines and web mail, away from the US jurisdiction.

“The EU should work together to create a [local] Silicon Valley,” he said. He added that Russia is leading the way in this regard with the Skolvkovo project.

As one example, he notes that F-Secure is hosting cloud services in Finland - a country which is not even under NATO control, but admitted that it is another thing entirely to get consumers and businesses on-board

“They're interested in it, but whether they will pay is another thing,” he told us, adding that businesses are more ‘bothered' about the US government potentially prying on their data.

Prior to directing his ire at European head honchos, Hypponen's talk looked at the actions of Chelsea Manning (nee Bradley Manning), WikiLeaks and Snowden.

And as always, the man who continues to leak documents on NSA and GCHQ surveillance elicited a mixed response from Hypponen, who believes that he should not be considered as a whistleblower, or as a hero.

He categories a whistle-blower as someone who has a ‘purpose' and who seeks to fix wrong-doings in an organisation or government by going public when the official route fails, and said that Snowden probably didn't fit this description.

“The question is is Snowden a hero or a traitor? That's a good question and one I don't have the answer to. I'd love to say that he is seen to be be a hero, that he sacrificed himself to save us - [but] I am not entirely sure that that's the case,” he told conference attendees.

The key here, said Hypponen- who boycotted the RSA conference in February (he spoke at Trustycon instead) over Snowden's leaks on RSA backdoors - is in the small details.

He noted first that the leaks were published on June 6, shortly before US President Barack Obama was due to speak with Chinese President XI Jinping on Chinese surveillance on the rest of the world, and further added that 30 year-old Snowden informed journalists Glenn Greenwald and Laura Poitras of his intention to leak data in Jan - some  six weeks before he got the job at contract outfit Booz Allen Hamilton.

Perhaps mischievously, he said that Snowden learnt to speak fluent Chinese at high-school, before admitting that this “of course doesn't prove anything”.

“The Snowden leaks could have been better timed to damage the US [in its talks with the Chinese],” said Hypponen.

Brian Honan, independent consultant and CEO of BH Consulting, was at the talk and while agreeing with Hypponen thoughts on Snowden not being a hero, he believes that consumers and businesses face surveillance wherever they are. “Other nation states do surveillance as well,” he said.

Where he does see a greater kick-back though is on the issue with the cloud, with many of his clients wary of cloud services under US control.

He added to SC: “You need to look at the type of information that's in the cloud and how secure that should be,” with a nod to encryption and encryption keys.


Update: Some time after the keynote, Garry Sidaway, global director of security strategy at NTT Com Security said that 'clawing back' data to Europe would be a 'pointless' exercise.


"In light of comments made by Mikko Hypponen who suggested that Europeans are using US-based online services even though data is accessible to the US government due to no alternative, is not a worrying statement," he told us via email.


"What does it matter if your data resides in the US or the EU? If you can prove the data is secure, and demonstrate compliance, the location of the data is relatively indifferent. Does anyone really know where their data is, and who has access to it? The action of clawing back data to the EU is a pointless exercise. From the perspective of a large company, it would limit our ability to conduct our business."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews