Skip to main content
banner image
venafi logo

Edward Snowden Weighs in on Corporate Security and Encryption

Edward Snowden Weighs in on Corporate Security and Encryption

Snowden on encryption
November 10, 2016 | John Muirhead-Gould

When I learned that Edward Snowden would be speaking via video at Ohio Wesleyan University recently, I was curious to hear his perspective on security in the corporate world. I had the opportunity there to ask him for his thoughts on the changing attitudes of CIOs on encryption and why it doesn’t seem to be a top-of-mind priority for them, despite everything going on in the news.  

Here is a transcript of Snowden’s reply to my question:

“This is fortunate because it's being changed for us. Ultimately this comes down to the calculus of risk vs. reward for these guys. These guys are rational actors, theoretically, they're self-interested, and they're profit driven. It all has to be driven back to the profit motive before them in order for it to make sense. 

Now that people have some concern about how their data is being handled, that calculus is beginning to be affected. It's beginning to change, but in some cases it's not as rapid as we need it to be. In some, as you say, they're aware of it, they're kind of interested, but it's not at the top of the plate. However, we are currently experiencing the greatest crisis in computer security in history. 

If you look anywhere at any newspaper at any given month, you are seeing an unprecedented hack. Whether it's the DNC, whether it's Yahoo, who just a few days ago revealed more than a year later, that 500 million users' data was compromised. Whether it was the government, the Office of Personnel Management, where everybody's security clearance, background investigation, intensely private details that could be used by foreign intelligence services, things like that, the sort of crown jewels here. Everything is being compromised because of these decisions.

Because of companies going: ‘Selling the product is more important than Securing the product’.  There are two ways this is going to work. Either companies are going to get their act together and realize they need to be able to self-regulate in a convincing way, which honestly is going to be difficult to because it's just not their primary expertise. They're not security [experts] most of the time, they're product [experts].  So even when they are trying to do things…offense is easier than defense…

So we have to create a system that protects everyone.  And this is going to lead us to structures, I believe, that at some point will impose a liability for negligence in software security. Which means if these companies are not at least making a bare minimum effort, following best practices, using safe languages for example, or getting audits on their code, to make sure they're not at least making at least amateur mistakes that could be trivially detected. Which is how most hacks happen, they will find themselves with a very negative legislative environment that's going to impose an enormous amount of cost on them that I think that they would very much rather avoid.”


Like this blog? We think you will love this.
Featured Blog

How DoS/DDoS Attacks Impact Machine Identity, Digital Certificates

For safe and secure utilization of machine identities such as SSL/TLS cer

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

John Muirhead-Gould
John Muirhead-Gould

John is a Strategic Solution Architect with Venafi, whose interests and experience encompass Business Intelligence and Analytics, Cloud Services and Solutions, Digitalization and Digital Marketing, and Cybersecurity and Information Security.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more