Leading government and private sector security experts sparred with consumer advocates during an RSA Conference panel session this week, illustrating the immense challenge of balancing the best technology and policies to ensure national security versus the need to protect individual privacy and what benefits enterprises could derive from it.
In light of recent cyber attacks on Google, Adobe Systems and a slew of other private and government organizations, eSecurity Planet takes a look at both sides of what has become a crucial and extremely polarizing security debate.
While some experts recommend requiring every software company to maintain their applications and issue patches immediately, the technical and financial realities make such a solution all but impossible. Others are advocating that all major ISPs allow deep-packet inspection of their network traffic to root out malware.
But doing that, privacy groups say, would open up another whole can of worms and lead to the likely use of this data for unsolicited marketing efforts—or worse. While this tactic would surely reduce the opportunities for hackers at home and abroad from distributing their malware over the broader networks, it could certainly compromise individual civil liberties.
“I think we have to be careful here,” said panelist Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC). “Telephone companies have always had the right to listen in on calls to ensure service, and that gives them access to some content. But we’ve had difficulty with content filtering and the truth is that deep packet inspection opens up commercial opportunities.”
Rotenberg said he fears that companies, once given the green light to check accounts for security reasons, will be that much closer to gaining personal information on individuals that can be used for marketing or be resold.