Saturday, March 1, 2014

CloudFog: Stephen Colbert's solution to all of your secure data requirements

"If you're not kraeusening your data, you might as well be giving it away". -- Stephen Colbert (RSA Conference 2014, closing keynote)

The grand denouement of the 2014 RSA Conference was the product launch for Stephen Colbert's new secure data service 'CloudFog'. It's not really my field so I struggled once he got going on the technical details (something about an advanced, polyhedral something-or-other). But he's obviously made substantial breakthroughs in practical fully homomorphic encryption -- exciting times for the crypto community.

Of course, Colbert wasn't just there to drum up business for his side project (a practice which I thought was generally frowned upon in keynote speakers).[1] Presumably the conference organisers invited him in his capacity as "perspicacious social commentator". For me, surrounded by security and crypto chat every day -- like pretty much every other delegate there, I expect -- it was interesting to get an "outsider's" take on what the big topics are and how they are perceived by the wider world.

So, yes, we had "The Cloud". It doesn't take a security expert to spot the steady growth and increasing reach of that nebulous beast. But I did think it was rather insightful on Colbert's part to apparently pick up (perhaps inadvertently) on the particular challenge of computing on encrypted data, not just storing it.

He also touched on Bitcoin a couple of times: from the perspective of its instability -- joking that RSA had paid him in MtGox vouchers -- as well as from the perspective of the arbitrary nature of 'value'. "I don't really understand it. I don't really understand gold. It sounds like a fun game that got out of control… Just like money generally." (Or words to that effect -- apologies for inaccuracy/degradation of wit).

Of course, he couldn't really not talk about PRNG backdoors, given the RSA 'scandal' (it surprises me that no-one seems to have yet coined the oh-so-tempting moniker 'backdoorgate'), and the subsequent pressure on him to boycott the conference. If I understood his reasoning rightly (and I might well have got the wrong end of the stick) his argument seemed to be that escaping the reach of the NSA was a pretty tall order for any corporation and that he'd rather they were getting paid for the obligatory relationship than not. As for his personal reasons for keeping his engagement to speak, he toed the classic self-reproachful line with a few wisecracks about financial incentives -- "my conscience was clear as long as the cheque was", but also seemed quite keen to highlight media insistence as another form of encroachment on freedom.

And that brings us round to the really hot topic of government surveillance in general, and the Snowden revelations. He was quite restrained, I thought (much more so than in his legendary performance at the 2006 White House Correspondent's Dinner). But still, he got his jibes in. To paraphrase: "These programs are designed to root out terrorists. It shouldn't bother you if you're not hiding anything. And since nothing can be hidden from the NSA, nothing is bothering you." … "Who here supports Edward Snowden? Keep your hands up so the cameras can get your faces…" … "Mind you, the revelations haven't affected recruitment. The NSA are still getting a lot of résumés -- some of which were even sent to them."

However, he seemed careful to neither over-simplify, nor turn the NSA into an easy 'bad guy' out against the 'innocent public'. Voters elected the leaders that voted on the Patriot Act, and continued to support them in the wake of it. He didn't labour the point, but I believe "passive acquiescence" were the words he used. "After all, give someone unlimited power and no supervision and the results are always fantastic…" (or words to that effect). He was also critical of Snowden, on the basis that his stated motivation was to make Americans aware of the extent of domestic surveillance, but in practice he has been no less willing to leak information on foreign intelligence -- which in Colbert's view has jeopardised appropriate national protections. He was measured and cautious in his comments on Snowden, but did make the interesting suggestion (in a moment of seriousness during the Q&A) that if you believe something is the right thing to do, and that that something is against the law, then part of doing the right thing involves facing the legal (and other) consequences of those actions -- his implication being that maybe Snowden should return willingly to face trial.

Colbert may not be an expert on cybersecurity, nor the legal and political issues surrounding it, but he does make a living from scrutinising society and highlighting absurdities in human behaviour -- in my opinion, very insightfully and wittily. His talk was lively and impressively well-researched, and got the issues out on the table in a way that most of the experts and officials speaking throughout the week were necessarily restrained from doing. For me, it was the perfect finale to a fascinating and somewhat surreal conference experience.

[1] I feel obliged to clarify that "yes, I do know he was only joking", lest I invite a deluge of mockery or correction.

No comments:

Post a Comment