IAPP-GDPR Web Banners-300x250-FINAL

Mike Janke spent 14 years as a Navy Seal. He’s been around the block, so to speak. And the U.S. government’s decision to circumvent the controls in place to protect innocent citizens’ communications en masse has him scared right now. He’s scared because there’s one thing he knows for certain.

“There’s never been a power that a government has granted itself that it has later pulled back,” he said during a session at RSA 2014. “That’s like trying to figure out how not to pay taxes. It’s impossible.”

Janke, now CEO of year-old private communications service Silent Circle, was talking about the “Summer of Snowden” revelations during a Tuesday session at RSA 2014 titled, “Mission Impossible? Building and Defending Zero-Knowledge Privacy Services.” He was joined by Ethan Oberman of cloud-based synchronization and sharing service SpiderOak and Nicko van Someren, CTO of Good Technology, to discuss the new premium on “zero-knowledge” technology models that allow users to maintain complete control of their data access. In other words, business models in which the customer is not the product.

Oberman said the good news about the NSA revelations is people are more aware than ever.

“Snowden made this issue international, and people are more aware now than they’ve ever been,” he said, adding he recently “had a conversation with my grandmother about it.”

Now that people are paying attention to privacy and their data, it’s possible and important to shift the conversation to the realization that technology is part of our lives, whether that serves corporations or consumers, Oberman said. People with an understanding of technology can play a key role in which way the scale shifts.

If you think about baseball bats, 99.9 percent are bought by moms and dads to take their kid to play ball. But 0.1 percent are bought by Bruno and Rosco to bust kneecaps. Do we need to regulate baseball bats? No. We’re humans—0.1 percent will use things for nefarious reasons. That’s the fact of the matter. We’re trying to protect the 99.9 percent.

Silent Circle’s Mike Janke on regulation

“We don’t have to wait for regulations to pass to create technologies to prevent certain things from happening,” he said. “We get to do these things on our own without the government getting to say one way or another.”

In fact, regulations might not be the answer at all, the panelists said. We’ve got to be careful, or “we’re going to destroy the innovative engines that got us where we are today,” Janke said. “I don’t care if it’s Congress or the EU. Whoever is subverting the will of the people and putting at risk trillion-dollar industries … the people have to stop that somehow.”

The Answer Lies in Innovation

Van Someren said it’s unrealistic to expect the problem will be fixed by asking governments nicely not to spy on all of us in order to catch a small subset of the population. Instead, we should create technologies that will “fundamentally and structurally protect us against this sort of thing.”

Jenke agreed that innovation is key, telling the room their value add can be in ensuring that there’s a level of control that gets into the user’s hand. “Where the user says, ‘I’m okay with giving this [data] up, but this I am not,’” he said. And it shouldn’t require a CTO to figure that out.

“That’s what we as innovators can bring,” he said.  “You want to leverage the services data can provide, but there are some parts of our lives we do want kept private, and understanding how these things work together is important,” he said.

Pushing The Ball Forward

Jenke said he’s more excited than ever about the zero-knowledge space, and especially for hardware.

“You’re gonna see some young kids around the world creating wearables, and the Internet of Things is going to transform your life even more,” he told the crowd. And such innovation is really good news for information-security professionals, he said, because innovation is traditionally 12-18 months ahead of security. And that means opportunity to fill the gap – for privacy pros, too.

From left: Mike Janke, Ethan Oberman, Nicko van Someren, and moderator Sutha Kamal

“The things in our home, somebody has got to secure them,” Jenke said of such innovation as Internet of Things (IoT) toasters that can talk to blenders about power consumption and peak use-times. “These things are not built with security in mind. It’s folks like you that come up with how you do that. It’s more business for people like you.”

Van Someren echoed Jenke’s excitement, citing the democratization of innovation with platforms like Kickstarter, allowing people with good ideas to turn them into funded products, and opening the opportunity for people who know nothing about security and privacy to start buildings products on top of both.

Oberman said IoT innovation is already well underway. After all, there are now various IoT vendors building platforms with privacy and security baked in so that when innovators come along who actually want to build an Internet-connected toaster, the potentially precarious privacy implications are already thwarted.

“We call this building privacy from the ground up,” Oberman said, adding that while security is something that can be bolted onto a product as an afterthought, privacy isn’t the same.

“But if you build privacy as a platform, you’re building on something where you can control how information gets pushed around,” he said.

For example, his team has created an open-source app called Crypton, allowing app developers to build on top of it.

“Out of this can come a zero-knowledge API layer, in which apps can exchange data but the server doesn’t know what data it’s actually sorting,” he said. “And we are just one potential solution to this. One shift. Privacy is one of those things you really have to think about when you take your first step out the door.”

As for the future? Well, it’s looking good, Jenke said.

“I’m more optimistic about the future of security than I’ve ever been, because it’s just absolutely cool, the things that are coming out,” he said. “We will never have a total solution; we will always be here at 65th RSA event, when we’re 70, because there’s gonna be hackers and weak links.”

Read More by Angelique Carson:
From RSA: In Times of Distrust, Innovation and Collaboration Will Be Key
NTIA Holds First Meeting on a Facial-Recognition Technology Code of Conduct
Will the FTC’s Recent Safe Harbor Settlements Quench Europe’s Thirst for Increased Enforcement?
With Rodriguez Tapped for DHS, Who’ll Call the Shots at OCR?

Written By

Angelique Carson, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»