You can have your big data privacy cake and eat it, too: RSA

Privacy advocates may have concerns over the use of big data, but it seems that the conversations on how it could be used to enhance privacy are not being had with security companies.
Written by Michael Lee, Contributor

As RSA makes its big push into using big data to help businesses secure their information, executive chairman Art Coviello has said that privacy advocates worried about the big brother aspects of the technology need to be educated, just as security companies need education themselves.

During his keynote speech at the RSA Conference Asia-Pacific in Singapore this week, Coviello said he was amused that privacy advocates are worried about "big business and big brother governments" and how they might infringe on the privacy of users. His source of amusement stems from the belief that criminals, hacktivists, and "rogue nations" are already using the technology to impinge on user privacy.

However, Coviello doesn't see this as a means for security organisations to irresponsibly use big data under the justification that privacy is dead. Instead, he said it highlights the need for security organisations like itself to engage in dialogue with privacy groups that are unable to see how big data could actually be used to help prevent criminal activity.

"I'm all for privacy. That needs to be understood," he told ZDNet in an interview, while also saying that privacy groups need to be educated from the security side of what's happening to user privacy.

"They need to be comforted with what can be done to protect privacy with security; how we might be able to ensure that we redact names, that we anonymise information. There's a whole host of techniques that can be used to complete the mission without necessarily violating privacy."

Coviello said that the conversation is not simply a one-way street, either, and that it shouldn't be just about RSA and other companies telling privacy advocates simply not to worry.

"The privacy people would get an opportunity to educate us and say, 'You arrogant technologists, why don't you listen and hear our concerns?' and again, we should.

"I'm a big believer in if you get reasonable people in a room together, there will be a reasonable outcome, and it'll be quickly apparent who would be unreasonable or not."

But at the moment, Coviello said that no privacy groups are in talks with RSA over the privacy concerns of using big data. He said that had any wanted to voice their concerns, he would welcome the opportunity.

One of the more significant developments that big data could bring about in the future included solving the attribution problem to actually catch criminals.

Only recently, CrowdStrike co-founder and CTO Dmitri Alperovitch complained at AusCERT 2013 that if a robber broke into a house, no one would devote so much of their time into examining how the front door's lock was broken or picked instead of making arrests. Yet online, Alperovitch argued, security experts spend a disproportionate amount of attention on vulnerabilities and layers of defence — the broken locks — instead of concentrating on apprehending those responsible.

While big data makes the job of finding out what happened after the crime much faster, Coviello believes that as the technology gets better, and even faster, the possibility of actually catching criminals will become more likely.

"You'll be able to detect it timely enough to potentially trace it while it's going on. That may require the cooperation of law enforcement, ISPs, and others. I don't think there would be very many companies that could do that, but if you can detect it fast enough, that makes it a lot easier to trace it," he said.

"You want to get to the victim while he's still breathing, and use the forensic capability to find out where the wound is so you can treat it fast as possible. There's a big difference between a dead and cold body, and something that's happening in real time."

Michael Lee travelled to Singapore as a guest of RSA.

Editorial standards