Meeting the stars

Image from Pixabay

 

I've met stars. Bruce Schneier gave a speech, Adi Shamir and Whitfield Diffie were on a panel, Ron Rivest was an arm's length away and Dave Maasland was sitting next to me in the pub.

You probably only know these names if you are in my line of business – although Dutch readers might know Dave Maasland from his tv appearances. Keep reading anyway, because even without knowing these people you can learn something here.

Ron Rivest and Adi Shamir are the 'R' and the 'S' in RSA. You may know that name from your two-factor authentication, the extra security step you sometimes have to take to log in somewhere. RSA is now a company that makes these (and other) kinds of tools, but originally RSA is a cryptographic algorithm that is important for the encryption of our data exchange. The 'A' is for Len Adleman, by the way, but I didn't see him at this conference – the RSA Conference! Whitfield Diffie, who was on the same panel as Adi Shamir, is known for another cryptographic algorithm (Diffie-Hellman).

In that panel, a number of cryptographers gave their view of the world. Shamir sneered at bitcoin and its ilk: the world would be better off without cryptocurrencies. Diffie noted that consumer products are apparently considered good enough for high-security applications – Signalgate, the affair in which high-ranking American officials were using Signal, was still fresh in the memory. Incidentally, Diffie agreed that Signal's security is well put together. The panel also discussed the threat of quantum computing, which in short means that the security offered by RSA, among others, can be cracked in the future. Moreover, foreign regimes are already stealing our data, in order to run it through the quantum computer in due course. That is why it is important to develop replacement crypto algorithms as quickly as possible, but that is not easy. Diffie: "It's like having to develop an algorithm in 1945 that still works today." Shamir advised, in line with a European recommendation, to use double encryption for the time being.

Bruce Schneier is also famous in our world. He has been distributing his free newsletter all over the world for years, providing insights and opinions on new developments. His speech was about trusting artificial intelligence. Trust is a complicated concept, he argued, especially when it comes to trusting strangers ('social trust'). We tend to considering AI as a friend, but it is a service. Moreover, it is a double agent: it serves both you and its provider. But we have no choice; we have to entrust ourselves to AI. The era of agentic AI is dawning: you’ll have a personal assistant who arranges things for you. The AI agent has access to your email and your calendar and knows everything about you. You do want this, because that way it can support you best. Schneier used a dining reservation as an example. In the past, you called the restaurant, nowadays you make a reservation via their website and soon you let the AI agent find a restaurant and make a reservation. It knows what food you like and when you have time.

So we need trustworthy AI. Integrity will be the main issue, according to Schneier, because most attacks on AI are about the correctness of data. He gave the example of stickers placed on lampposts to trick self-driving cars. Legislation is needed to achieve trustworthy AI, but current legislation (such as the European AI Act) regulates the AI itself instead of the people behind the AI, and that is the wrong way to go, Schneier says. He advocates a public AI model with political accountability, as a counterbalance to corporate AI.

Information security officers are only human, which is why the organization also brought a number of 'real' stars on stage. Such as filmmaker Ron Howard (Apollo 13 and A beautiful mind (two Oscars), just to name two), who was interviewed by his daughter and colleague. Or basketball legend Earvin “Magic” Johnson, who won over the audience with his openness and a motivating story. And finally there was actor/singer/comedian Jamie Foxx, who provided a comical closing note. But he also gave us a pat on the back: “What you do is perhaps the most important job in the history of mankind.” According to him, community is the magic word.

After that, my three colleagues and I, and 44 thousand other conference attendees, returned to our own time zone. Together we made it an interesting and fun week. And the bond between our team and the SOC has also become closer. You did a good job there, JW.

 

And in the big bad world…

• Bruce Schneier was interviewed following his RSA speech.
• Schneier praises advice from the British NCSC on advanced cryptography.
• a safety mark for AI is impossible. [DUTCH]
• Signalgate now revolves around an insecure – even hacked – clone of the Signal app.
• the Chinese cyber threat is greater than the Russian one.
• a US intelligence chief lacked basic password hygiene.
• AI is great at geo-guessing.