The panel, moderated by Jennifer Granick, featured Jeff Moss, Adam Shostack, Marcus Ranum and Bruce Schneier. The panel dedicated the lion’s share of their time to a discussion around the responsibilities and role of the government – the current state and the ideal scenario.
Marcus Ranum argued that it’s “government’s job to protect us” and most of the panel agreed. Moss said government plays an important role in those things that the “private sector isn’t interested in”, including development of needed new technologies.
As an example, he told how the Department of Homeland Security has been involved in DNSSEC and secure BGP work. “Both are important for the security of the internet”, but the lack of commercial advantage to the public sector meant that DHS had to step in. “The[private sector] are good at innovating products”, he said, “but not as much when it’s for the common good.”
Schneier also agreed that it’s time for the government to “step in and do the national security stuff.” Interestingly, in a poll of the audience asking whether they were more afraid of Google or the government accessing their information, a significantly larger proportion voted Google.
Moss expanded on this by suggesting the reason behind this consensus. “The innovators in our generation are working on converting click-through rates – not a good use of their time or talent.”
Ranus, however challenged this by recalling, “Remember Wikileaks? What I learnt from that is that the government really sucks at handling classified data”. In retort to the audience poll, Ranus joked, “The thing with Google is at least it as a really good history of getting things done” which provoked laughter from the audience.
The panel was concluded by a look into the future, where it was agreed that “there is a long way to go”, but that in 2022, we are likely to be seeing improvement for having tried to make it better.
| Other notable comments from the panel: |
| Schneier: “Spam is one of our greatest success stories. AV really works”. Schneier: “Recovering quickly [from a data breach] and carrying out forensic analysis are in conflict. Forensics is often a secondary concern for organizations that have been breached” Ranum: “This secret my shock you. Apple keep their new products secret until just before release – but the Chinese know long before we do. The development is outsourced to them in the first place” Schneier: “We do business at a disadvantage [in the US] because we don’t accept bribes" |