Schneier, if you haven’t come across him, is BT’s chief security technology officer, author, cryptographer extraordinaire and philosopher-cum-infosecurity out-of-the-box-thinker.
Basically, what he says in info-security circles is usually listened to, although his propensity to tackle the subject more from a socio- or even biological perspective than a mere discussion of bits and bytes can make quotable extracts from a conversation with him pretty thin on the ground.
That said, Schneier was on form last night, focusing on the topic of trust and the notion that all systems, be they sociological, biological and so on, need co-operation to work. These systems also feature, inevitably, ‘defectors’, who don’t obey the rules and require security to keep their activities to manageable levels.
All fine and dandy, but what about the future? Does Schneier think we’re all doomed?
Well, he certainly believes that the gap between the bad guys profiting from new technologies and the good guys catching up is greater than at any point in the past, thanks to the sheer volume of new tech and the huge social change it is spurring, which is somewhat worrying.
However, there is hope that all is not lost. For one, he declared the bad stuff that happens online still a “tiny percentage” of the whole.
“I’m a short term pessimist but a long-term optimist,” he added.
As the older generation dies out, things will gradually change too, he explained, as new norms around things like privacy come into play, and even the music industry will eventually be forced to change.
“The internet is the greatest generational gap since rock n roll,” he declared.
“People stealing music now are doing what will be normal in ten years’ time, they just figured it out first. The business model of scarcity doesn’t work.”
In less reassuring news, he argued that the balkanisation of the internet is likely to continue as national governments seek to establish their own controls – particularly appropriate given we were sitting in the Conrad Hong Kong, just a few miles from mainland China and the Great Firewall.
“It turns out the internet does have boundaries,” Schneier concluded. “Governments are enforcing their rules more and more and it makes for a less stable internet but it is the geopolitical future.”
In a startlingly refreshing display of honesty, RIM CEO Thorsten Heins has come out and said the firm is steering clear of China when it comes to manufacturing to reduce the risk of IP theft which could cripple its business.
It’s a bold statement, given that in my experience most tech firms – and even analysts – are very reluctant to discuss China in anything approaching critical terms, especially when cyber security is mentioned.
It’s certainly a valid point. I’ve reported in the past for The Register how many multinationals are suffering IP loss from their Chinese business units.
As RIM is teetering on the brink financially and seems only to be able to differentiate itself from its rivals by virtue of the superior security capabilities of its handsets and infrastructure, any breach would be a huge blow.
That’s not to say it is necessarily safer anywhere else, but eliminating China from the supply chain could be a wise move.
Kenny Lee, a forensics expert with Verizon Business, sat down with me on Thursday to explain what hacking activity he’s seeing inside Hong Kong and Chinese firms.
Interestingly, while he did admit there was a fair amount of “low level” IP theft from firms in the region, mainly due to employees looking to set up their own businesses, there is a more insidious data leakage problem – technology transfers.
These agreements are usually foisted on foreign multinationals wanting to expand into China. The deal is that they have to partner up with a local Chinese firm by law to sell into the country’s huge market, and in doing so will usually need to share IP with them.
After a certain point, Lee explained, the Chinese partner usually has enough knowledge to pull out of the venture, having sucked all the IP it needs from its foreign partner.
There’s the rub for foreign firms such as BT, who can’t gain direct access to the market but equally reject the idea of handing over their hard-earned IP.
There’s no chance of things changing from the top anytime soon, so foreign firms will continue to have to weigh the risks and make that judgement.