
Edward Snowden Weighs in on Corporate Security and Encryption

November 10, 2016 | John Muirhead-Gould

When I learned that Edward Snowden would be speaking via video at Ohio Wesleyan University recently, I was curious to hear his perspective on security in the corporate world. I had the opportunity there to ask him for his thoughts on the changing attitudes of CIOs on encryption and why it doesn’t seem to be a top-of-mind priority for them, despite everything going on in the news.  

Here is a transcript of Snowden’s reply to my question:

“This is fortunate because it's being changed for us. Ultimately this comes down to the calculus of risk vs. reward for these guys. These guys are rational actors, theoretically, they're self-interested, and they're profit driven. It all has to be driven back to the profit motive before them in order for it to make sense. 

Now that people have some concern about how their data is being handled, that calculus is beginning to be affected. It's beginning to change, but in some cases it's not as rapid as we need it to be. In some, as you say, they're aware of it, they're kind of interested, but it's not at the top of the plate. However, we are currently experiencing the greatest crisis in computer security in history. 

If you look anywhere at any newspaper at any given month, you are seeing an unprecedented hack. Whether it's the DNC, whether it's Yahoo, who just a few days ago revealed more than a year later, that 500 million users' data was compromised. Whether it was the government, the Office of Personnel Management, where everybody's security clearance, background investigation, intensely private details that could be used by foreign intelligence services, things like that, the sort of crown jewels here. Everything is being compromised because of these decisions.

Because of companies going: ‘Selling the product is more important than Securing the product’.  There are two ways this is going to work. Either companies are going to get their act together and realize they need to be able to self-regulate in a convincing way, which honestly is going to be difficult to because it's just not their primary expertise. They're not security [experts] most of the time, they're product [experts].  So even when they are trying to do things…offense is easier than defense…

So we have to create a system that protects everyone.  And this is going to lead us to structures, I believe, that at some point will impose a liability for negligence in software security. Which means if these companies are not at least making a bare minimum effort, following best practices, using safe languages for example, or getting audits on their code, to make sure they're not at least making at least amateur mistakes that could be trivially detected. Which is how most hacks happen, they will find themselves with a very negative legislative environment that's going to impose an enormous amount of cost on them that I think that they would very much rather avoid.”

 
