Revelations from whistleblowers including Bradley Manning and Edward Snowden have shed light on both government surveillance, and poor security practices, according to Mikko Hypponen, chief technology officer at F-Secure.
Speaking on the second day of Infosecurity Europe 2014, Hypponen argued that revelations from the two whistleblowers performed a public service, even if he is not personally sure whether Snowden is "a hero or a traitor". "I don't have the answer," he said. "I would like him to be a hero who sacrificed himself for us, but I am not entirely convinced that is the case."
According to Hypponen, Manning's case, which included revealing abuses committed by US troops in Iraq, was a clearer-cut case of whistleblowing. But Snowden's revelations have exposed a number of practices of Western intelligence agencies, as well as legal rules that allow surveillance, which need closer examination.
The revelations have also exposed the failure of Europeans to create viable alternatives to a US-dominated internet.
"Snowden's leaks have changed the world," he said. "We have learned about Prism, and other measures carried out by [Western] intelligence services. We have blamed the US for treating the internet as a colony.
"But a lot of this, in many ways, is our own fault. The fact is that as Europeans, we've been unable to provide alternatives to US services. We keep using US online services even though we know they are under surveillance, that the US has the right to look at our emails, or location based information from our cellphones, if they pass through the US. We still use those services. Why? Because there is no alternative."
He added that there are few, global-scale internet companies based in Europe, and that entrepreneurs quickly head to Silicon Valley to fund their start ups.
But Hypponen also said it was wrong to accuse Snowden of damaging the US technology industry; rather, he has shed light on practices that were already common. "Blaming Snowden is misplaced. It is the same as blaming Al Gore for climate change."
Businesses, though, should be aware that they may be under surveillance, and that electronic records are not just vulnerable to government monitoring, but also intrusion by private groups, including hactivists. This could force organisations to think more carefully about how their actions would look, if made public.
"Leaking can be done by employees and insiders," he said. "If an employee knows they can leak information without getting caught, you only have one option left: do no evil.
"There are two megatrends. There is blanket surveillance by governments, but the same technology means we are watching over governments too."