In an exclusive interview with Infosecurity Magazine at Infosecurity Europe, security legend John McAfee slammed the industry as being too business-focused. As a consequence, he said, it does not pay enough attention to core issues, specifically privacy.
“I think there’s more wrong than right in the security industry – because it’s a business like anything and the purpose of business is to make money and survive. If you have a product you want to make an excuse for selling. We can’t do that anymore; it’s too risky,” he asserted
McAfee also argued that poor security of mobile devices presents the greatest threat to businesses. With the amount of corporate data stored on personal devices, combined with apps that ask for excessive permission to reach other utilities, like microphones and cameras, he said the security industry was fighting a losing battle against practices such as BYOD.
To address the issue, McAfee advocated a complete separation between work and personal devices, the only way he said that acceptable security could be achieved. Practices such as containerization, he stated, would not work because "people will not conform to the restrictions that are necessary for that.”
He added that individuals would still be exposed through applications that ask for excessive permissions.
Even though companies quite rightly place high importance on corporate data, and efforts to secure that are important, McAfee argued that the far greater issue, for him, is privacy: “We need to address privacy first and foremost… privacy is number one. When we lose that, when the camera comes into our bedrooms and gets between the moments shared with those we love, then all is lost.”
Specifically, the founder of McAfee Antivirus pointed to the recent AdultFriendFinder hack which revealed the personal details and sexual preferences of as many as four million members, as “[exposing] one of the greatest tragedies of our age.”
“When someone hacks into a department store and gets credit card information, you suffer some financial loss perhaps,” McAfee explained “ But you can recover from that. How do you recover from someone entering your bedroom while you are engaged in an extra-marital affair, especially if you are a high government official?”
He insisted that sensitive information stolen in such attacks risked not only people’s careers but also their family lives. “Too much is at risk here… it’s a horrible thing. Can we not see what is happening? A person is risking an entire life. We need to address this.”
McAfee also confirmed to Infosecurity Magazine that he was still active in the industry, working on a new project he dubbed ‘social encryption.’
“It’s based on the concept that shared knowledge is something that simply cannot be acquired by anyone,” he explained. “If you and I have a year’s worth of shared experience, no one can tap into that and get into the mind of what we have experienced. It’s a very sophisticated algorithm that has a layer of abstraction that is, I believe, completely impermeable. It cannot be broken into.”
Asked whether he could back up this bold claim, McAfee said, “I understand how bizarre that sounds. I’m the last person who [would normally say that].
Social encryption, he explained, is developed via out-of-band communication based on the shared knowledge between two individuals.