Information security professionals and technology vendors from Europe and beyond descended on London this week for the annual Infosecurity Europe conference.
The topics of privacy and surveillance dominated conference presentations and panels. That befits Europe's reputation for not only taking people's privacy seriously, but often treating privacy as a right unto itself, which need not necessarily be weighed against business interests or market demands.
Finding answers to many of those concerns, of course, remains difficult because of the continuing rapid evolution in consumer technology, as well as the default tracking arrangements, into which many consumers opt in simply by using free mobile apps. "If you download anything for free, then you're the product; nothing is free," said Troels Oerting, head of the European Cybercrime Centre (EC3) and assistant director for the operations department at Europol, the EU's law enforcement agency. But in the future, he predicted that Europe would pass legal "standards for protection."
In fact, EU officials and lawmakers are revising Europe's watershed 1995 Data Protection Act, which for many global privacy experts remains the gold standard in how people's privacy rights can be protected. But David Smith, deputy commissioner at the UK Information Commissioner's Office, said in an interview at the conference that, even though EU officials hoped to have a new law in place last year, Edward Snowden's NSA leaks stalled negotiations.
Furthermore, as with Congress in the United States, crafting new laws is rarely a fast process. "The existing European directive behind our current law took five years to negotiate," he said. By contrast, "we're getting on to three years now [in terms of negotiations into the new law], and it's much more complicated now" than in 1995. That's thanks in no small part to the rise of the Internet and mobile devices since the first law went into effect.
The specter of US government surveillance, as highlighted by Snowden's NSA leaks, dominated many conference discussions, especially when it comes to how the NSA's digital dragnet affects Europeans' rights. "As a society, what's the danger to us?" Graham Cluley, an independent security analyst, asked during a conference panel on cybercrime. "I think the danger to us might be the erosion of our privacy, mainly state-sponsored surveillance, which our government is doing or allowing to be done to us."
But Mikko Hypponen, chief research officer at F-Secure in Finland, said there's an upside to the technological evolution that's allowed the NSA to conduct massive amounts of surveillance, in that such programs remain vulnerable to whistleblowers and leakers. "The Internet and technology like this have enabled wholesale blanket surveillance on us. Governments can watch us because the information is so accessible and easy to store," Hypponen said. "However, it's the very same technology that allows us as citizens to get information about wrongdoing and make it public, so while the governments are watching over us, they know that we are watching over them."