Transparency is the new industry buzzword
SCMagazineUK.com reported from this week's IP Expo Europe conference, and the overriding theme from two days of keynotes, talks and interviews seemed to be how government surveillance is impacting every area of the security industry.
In particular, some of the most prominent topics were around data ownership, cloud security and big data privacy as well as transparency – something that is being pushed now by both governments and corporations.
For instance, Sir Tim Berners-Lee, the inventor of the World Wide Web, told journalists at the show how GCHQ's new head Robert Hannigan is keen to explore ways his agency can retain its power but at the same time become more accountable.
“I talked to the new head of GCHQ who dropped in and asked how should GCHQ be more powerful and still be accountable. It's tricky, it's a difficult problem,” he said.
“He asked, ‘how should we build a system?’ and ‘how should GCHQ do what the British public needs it to be able to do; to be a powerful force and still be accountable?’”
One day later, Microsoft's cyber security honcho was spelling out how the firm – in the wake of the same revelations – had tried to become more transparent and more security-focused, and to protect the data of the customer.
“We believe your data is your data, we look at it like we're the landlord of the data,” said Jeff Jones.
Some cynics may of course argue that this is too little, too late – a damage limitation exercise orchestrated by public relations – but these moves might be seen as progress.
‘Who do you trust with your data’ is a pertinent question
Who do you trust with your data? That's a question that is cropping up, and no-one seems to know the answer. Governments have been found out spying, and even the most reputable companies are facing up to damaging data breaches.
Target, eBay, Apple and JPMorgan are just a handful of high-profile victims but, such is their reputation, there is a lack of viable alternatives.
NATS CISO Andy Rose touched on this by saying that people were hardly going to store cash under the bed when a bank gets hacked.
Meanwhile, F-Secure security researcher Mikko Hypponen told SC recently that some teenagers were moving from WhatsApp to Telegram due to data privacy fears following the former's acquisition by Facebook, without recognising that the latter is Russia-based and could be subject to government interference. This showed that there are ‘no easy alternatives’, he said.
Snapchat blames breach on third party
Following in the wake of the Apple iCloud hack which saw the leak of hundreds of naked images of celebrities, Snapchat confirmed today that it had suffered its second major data breach in 2014.
The instant messaging application is popular among teenagers – half of its users are aged 13 to 17 – as it allows users to send images and videos that self-destruct seconds after being sent. Facebook bid £1.87 billion for the Silicon Valley start-up late last year, but saw its offer turned down, reportedly due to differences between former Stanford University students Mark Zuckerberg and Snapchat CEO Evan Spiegel.
Security, however, has not been a strong point up until now; the firm was hacked in January resulting in the loss of 4.6 million user names and phone numbers, and today it confirmed that hackers had gone via a third-party application to post thousands of naked Snapchat images on a web forum.
Earlier this week, an anonymous user of the 4chan website claimed to have hacked into Snapsave – an image-saving service that allows Snapchat users to store pictures received before they self-destruct – and the first pictures have appeared on the forum.
Snapchat has denied that its servers were breached and is instead pointing the finger at Snapsave (an Android app), which it says is an illegal third-party app, and Snapsaved.com.
"We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed."
The hack once again brings into question what the balance is between usability and security in software development, and what controls companies are putting in place to ensure that third parties are protecting their data.