User telemetry and encryption trade-offs need to be out in the open: Symantec CEO

Symantec President and CEO Michael Brown has said that openness and awareness is central when a user's privacy is traded away.

Symantec claims that it operates the world's largest civilian intelligence network, and according to President and CEO Michael Brown, the key to keeping customers happy with contributing their computer telemetry is to be open about it.

"We are very open about [telemetry collection], so customers really are opting-in to contribute that telemetry to us," Brown told journalists in Sydney on Tuesday.

Microsoft has seen considerable friction recently from Windows 10 users over its compulsory collection of telemetry, but Brown brushed such concerns aside.

ed bott

Is Windows 10 telemetry a threat to your personal privacy?

Microsoft has built an entirely new telemetry system for its 'Windows as a Service' engineering model. In Windows 10, you can dial data collection back almost to zero, but you can't turn it off completely. Here's why.

Read More

"Most people are not as concerned about that," he said. "But our approach is that has to be open for customers."

Symantec currently collects telemetry from 110 million enterprise customers, and 60 million consumer and mobile end-points, resulting in a database that monitors 8 trillion objects in real-time, and is updated at a rate of 200,000 rows per second.

"We've invested to understand more about the threat landscape than anyone else out there in the civilian world; there are probably a few governments who have invested as much ... but we don't think there are any other companies out there," Brown said.

"That makes us a really attractive partner to work with because our belief is the more we know about the threats, the more we can protect customers."

The company is currently building an analytics platform that will expose research data that was previously used internally to customers and third parties through an API. Brown said the data that will be available to all comers, including competitors, is built on top of Hadoop, Apache Kafka, and Storm. Symantec's first application using the platform, dubbed Risk Insight, is slated to be available in the next six months.

Brown also promoted an open approach to corporations working with governments and law enforcement agencies, and said that users should be aware of when their privacy is traded away.

"[If] we're giving the keys to encryption to law enforcement, because we want to serve a different purpose, then ... it should be in the light of day."

The Symantec chief said his company does not believe in backdoors, but that it would follow whatever legal requirements were made of it.

"We as a society, as an open society, have to make trade offs, and we are going to follow whatever we agree on with our laws," he said.

With the increasing use of cloud-based services and encryption, Brown said that the usefulness of firewalls has diminished compared to years past.

"A lot of what's been protected at network firewalls, now is bypassing the firewalls because you can't apply policy to something that's encrypted -- you don't know what it is -- and as more workloads move to the cloud, the firewall becomes less important," he said.

"With the age of less perimeter defence, it's important to make sure that your end-point's totally secured."

Brown has been at the helm of Symantec since September 2014, when he was promoted into the role from being interim CEO, a position he gained after the company fired former CEO Steve Bennett.

At the time, Brown was already a member of Symantec's board, having joined after the merger with Veritas Software in July 2005. Veritas was spun out earlier this year and sold to private equity firm, Carlyle Group, for $8 billion.

In its second-quarter earnings released earlier this month, Symantec reported net income of $156 million from revenue of $1.5 billion.