DHS/SRI Infosec Technology Transition Council (ITTC) Meeting

Speaker:     Chris Soghoian, Principal Technologist with the Speech, Privacy, and Technology Project, ACLU

Abstract: Some of the most widely used encryption algorithms that protect our cellular phone calls were designed in the 1980s and broken in the 1990s. In the decades since, computer security researchers have refined these attacks, ultimately demonstrating that phone calls and text messages can be intercepted with a few hundred dollars worth of off-the-shelf hardware and some open source software. Yet, in spite of the many research papers published and demonstrations at high-profile security conferences, little has been done. The phone companies, in the US and elsewhere, continue to operate networks that use weak crypto. These companies and government regulators that are responsible for communications networks have neither warned the public about the insecurity of traditional phone calls, nor advised them about the ways in which they can more securely communicate. Moreover, efforts by activists to obtain documents showing how these flaws are being exploited for surveillance by law enforcement and intelligence agencies have largely been blocked, as agencies claim that publishing that information will reveal classified information.This talk, in part, is about the sorry state of our cellular communications networks. But it is also about the total failure of the computer security community to influence public policy, particularly when opposed by law enforcement and intelligence agencies, who want nothing to change and the public to be kept in the dark. 

Speaker:     Mary Aiken, Professor, Director of the CyberPsychology Research Centre at Royal College of Surgeons in Ireland (RCSI), and Producer on the CBS TV show CSI:Cyber

Abstract: Cyberpsychology is the study of the impact of emerging technology on human behavior, providing insight at the intersection between humans and technology, or as some say - where humans and technology collide. In cyberspace it can appear that nobody is in charge, and the challenge in an age of technology is perhaps to create an impression that there is in fact some accountability for use of technologies. Typological behaviors and motivations of threat actors will be explored, along with primary and secondary gains - with a view to implementing multi-faceted protection and prevention strategies and to ‘factoring the human’ into the cyber security equation. The technological, data and ethical requirements of various approaches will also be explored. The need to reconsider definitions in a current context will be addressed - for example what does privacy, identity, trust or resilience mean to a contemporary generation? Future cyber issues and trends will be explored, along with the role of media in disseminating cyber security and safety messaging, specifically in the context of the new CBS primetime television show CSI:Cyber.

Speaker:     Jon Callas, CTO and Co-Founder of Silent Circle

Abstract: Today’s mobile devices support unprecedented communications, allowing phone calls, text and multimedia messaging, video chat, etc. with contacts around the globe from a mobile phone, tablet, laptop, or desktop using cellular networks, WiFi, and the Internet. However, such communications are susceptible to eavesdropping, forgery, and replay, and mobile devices are vulnerable to network-borne attacks, endpoint compromise, and user errors. Encrypted voice and data communications and platform hardening offer the means to protect the security and privacy of our communications. On the other hand, the US Government worries that encryption is making it harder for them to find criminal activity, and potential terrorist activity. This talk will summarize the history and current state of secure mobile communications, and what the future might bring. What are the technical, policy, and legal challenges that must be addressed? What are the opportunities for new, secure modes of communications enabled by mobile devices? How can we balance the need to protect the privacy of law-abiding citizens and corporations and at the same time ensure public safety? 

Speaker:   Michelle Dennedy, Vice President and Chief Privacy Officer, Intel Security

Abstract: In recent years, the high profile theft of consumer information from Target, controversies over Facebook's privacy policies, and revelations of Internet surveillance by the NSA, have heightened a perception that personal information can no longer be safeguarded. Consequently, 80% of consumers now believe that total data privacy no longer exists, according to a 2014 Accenture survey.  Do we need to reboot our understanding of privacy for the digital age? What are the implications for companies, consumers, and citizens if online privacy cannot be protected? This talk will address keys to assessing the current climate and responding with strategic insight on critical issues of cyber privacy.