- SMB Spotlight
The UK government’s former chief information officer has defended the rights of nations to gather data and spy on citizens, although warned that there must be clear oversight into these practices.
John Suffolk, who left a post in the UK government in 2011 to become global cyber security officer for Chinese vendor Huawei, wrote in a blog post that nations must have the ability to scan data and try to protect citizens from any threats.
“I am quite clear I want my government to have as much data as possible. I want them to have the tools, techniques and resources to mine this data to stop a terrible event from occurring – stopping one event is good enough for me,” he said.
However, he admitted that it was vital that policies were in place from the highest level to protect private businesses from becoming government pawns.
“Having said that I want the legal frameworks to be in place, I want transparency, I want oversight and I do not want my government (or any government) to cross the line and weaken security for all by building in backdoors, weakening crypto or any of the shenanigans that have occurred with the American tech industry,” he said.
“The moment we confuse the role of the state in national security and the private sector in national security we are all doomed to a life where there are no holds barred.”
Nevertheless, Suffolk said that given the needs of governments to gather data, and the fact that many systems in use do not have the highest levels of protection, the ability for spy agencies to access data should not come as a huge surprise.
“In summary we need a little more realism about what security agencies do and their capability to attack and breach the security of companies and governments through any vendor’s equipment,” he said.
“No government will demand that every technology system they operate runs at top secret. No company will demand that every system they run is at top secret and few citizens will demand their phone, tablet, PC, etcetera runs at top secret. So we should not be surprised that the NSA has a catalogue of tools and techniques to break into vendors' equipment given this is what they do.”
Suffolk also used the revelations from the PRISM spying scandal and its fallout to urge the security sector to come together and work harder to improve standards.
“There are no internationally agreed security standards; there are no agreed standards on product verification; there are no agreed internal laws or standards of behaviour for governments to operate in the digital world," he said.
"In our view, it is paramount that the entire ecosystem of governments, industry and end users step up to collectively work on the problems and challenges we will face in the future.”
The comments come a few days after more data concerning the NSA's spying agenda was made public, with claims that it is working on a quantum computer to have the ability to crack any encryption codes.