This week I spent time in Denver, Colorado at the Rocky Mountain Information Security Conference, or RMISC. This was officially the 10th iteration of the security conference, which was driven by dedicated volunteers and through the support of the local ISACA and ISSA chapters.
I was fortunate enough to have been invited to participate on the opening keynote panel at the conference with Javvad Malik, Eddie Mize, Jayson Street, Anthony Freed and an appearance by Presidential hopeful John McAfee. The conversation ranged from compromised mobile devices to how we can work to make the information security field better overall, and even to discussing the return of the crypto wars.
Now, for those of you who might not recall, the crypto wars is a reference to the US government’s attempts to criminalize the use of encryption by the public. Not to mention labelling encryption as a munition to limit the export of this type of technology.
Back in the early ’90s Phil Zimmermann built what we commonly refer to as PGP and made it available to the public on the Internet. To put this in focus, the US government actually began a criminal investigation against Mr. Zimmermann. The case was ultimately dropped in 1996 but the bad blood was already in the water. Through numerous legal skirmishes we arrived at a “win” in around 2005 with the EFF winning their case against the US government in court.
But, that never really went away. In 2013 the massive data breach by the government contractor Edward Snowden drew the world’s attention to the fact that governments around the world had continued on in their surveillance efforts.
Today, we see efforts in the United States, United Kingdom and France to employ legal mechanisms against people and companies who use encryption. We’re back in it again.
On the panel we discussed this new crypto war and the various government efforts to basically criminalize the use of encryption. There needs to be more communication to better educate the wider audience beyond the security and privacy circles so that the public can better understand the stakes.
We addressed this very point to the audience. Security folks need to move beyond their comfort zones and make an effort to discuss security issues in an accessible manner at events, as an example, that are typically of a non-security-related focus.
The ridiculous nature of the efforts aligned against the use of encryption by the public is laughable at times but truly frightening when you consider that they may very well win if we do not begin to address this issue.
Overall, the RMISC show was an excellent outing. The audience registration this year was up considerably from the event last year. There were excellent talks from the likes of Gene Spafford, Rich Mogull and Chris Wysopal. By and large, this is indeed an event that I’m looking forward to attending again next year.
Now, I have to fly to somewhere at a lower elevation so I can catch my breath.