Lance Bellers - Fotolia

Coviello tackles cloud privacy, government's key escrow plan

Former RSA chairman Art Coviello said the U.S. government and cybersecurity industry need to work together to solve growing issues around cloud security and privacy.

Art Coviello is concerned about the state of cloud privacy, and he's not shy about criticizing those he believes are undermining it.

Coviello, who retired as chairman of RSA Security earlier this year, is delivering a keynote speech next week at the "Privacy. Security. Risk. 2015" event in Las Vegas, presented by the IAPP Privacy Academy and Cloud Security Alliance Congress. Coviello spoke to SearchSecurity about the themes of his upcoming keynote on the state of cloud privacy and security, as well as the adverse effects of government.

"There is no privacy without security," Coviello said. "But security has to be managed to meet the needs of privacy."

In the era of government surveillance, that balance has become increasingly difficult to find, Coviello said, in large part, because privacy advocates and NSA surveillance supporters have struggled to find common ground. "To me, the big problem, post-Snowden revelations, is that these two groups are talking past one another," he said. "And the people in power are pandering to both sides of the debate."

Specifically, Coviello called out politicians like Donald Trump for catering to people's ignorance of technology. "Government officials need to stop fanning the flames of public opinion and do a better job helping people understand these issues," he said.

There is no privacy without security. But security has to be managed to meet the needs of privacy.
Art Covielloformer chairman of RSA Security

But Coviello, who has previously tackled the issue of U.S. government spying at RSA, also had harsh words for some of the government's recent actions regarding data protection and encryption. Specifically, he called the government's recent plans around "front-door" access to encrypted data or encryption key escrows "impractical," and a danger to end-user privacy.

"I can't believe that [FBI] Director James Comey is calling for some kind of key escrow. I thought we moved past that idea years ago," Coviello said, adding that the government should be an advocate for strong encryption technology and practices.

The effects of such surveillance efforts have already had an effect on the cloud services industry. Earlier this week, European Court of Justice (ECJ) Advocate General Yves Bot ruled the Safe Harbor agreement between the U.S. and Europe to be invalid; the Safe Harbor agreement allows U.S.-based companies to freely transfer customer data from Europe to the U.S. But after a lawsuit was filed by an Austrian Facebook user, which claimed the Safe Harbor agreement put his privacy at risk because it subject his personal information to U.S. government surveillance, Bot ruled the agreement invalid.

"With the cloud, these [privacy] issues are only going to grow," Coviello said.

Despite criticism of the federal government, Coviello called for great cooperation between private technology companies and the public sector. "We keep talking about private-public partnerships, but where the hell is it?" he asked. "We need to work together to solve these problems."

Coviello also said security vendors, themselves, need to step up and do a better job developing products and services that address these cloud privacy and security issues. While there's much work to be done, Coviello said he's been working with a number of security startups since retiring from RSA, and that he's optimistic the industry will see significant progress in the near future.

"We're not going to solve the problem 100%," he said, "but I think we can get to a point of continuous improvement around privacy and security."

Next Steps

Find out why the CSA believes cloud data privacy is a key issue

Learn why cloud security experts call for global data privacy standards

Dig Deeper on Cloud Network Security Trends and Tactics