Kerckhoffs lecture: what Europe needs to do after Snowden

At 12:30 on Friday 13th of June 2014 I will give the Kerckhoff Lecture at the Radboud Universities Kerckhoffs Institute for information security in Nijmegen in room HG00.068. For an audience of students and faculty who probably know more about the maths of cryptography than myself I will talk about the tech-policy implications of the Snowden revelations and why Europe has been doing so very, very little.

Imagine a whistleblower releasing detailed documentary proof of a group of organisations that dump large volumes of toxic mixed chemical waste in European rivers and lakes. The documents describe in detail how often (daily) and how toxic (very). Now imagine journalists, civic organisations and elected representatives all starting furious discussions about how bad this is and what the possible horrible consequences theoretically could be for european citizens.

Now imagine that this debate goes on and on for months as slowly more documentation is published showing ever more detailed descriptions of the various compounds in the toxic chemicals and what rivers and lakes precisely they are being dumped into.

Now imagine that no journalist, civic organisation or elected representative comes up with a single concrete and actionable proposal to stop the actual and ongoing toxic dumping or to prevent future organisations getting into the habit of illegal dumping.

Imagine also that both governments and public-sector organisations, including the ones responsable for health- and environmental matters continue not only to procure products and services from above organisations but also continue to give them the licences they need to operate.

Imagine that this goes on for month after month after month for a full year.

Now Imagine it turns out that the Government not only already knew about this 13 years before but also had a detailed report on practical solutions to clean up the mess and prevent future poisoning.

Imagine that.

Sounds incredible does it not?

Except this is precisely how Europe has been not-dealing with the revelations by Edward Snowden on industrialised mass-surveillance of our government & civic institutions, companies and citizens.

The EU has spent most of a year holding meetings and hearings to 'understand' the problem but has not produced a single word on what concrete actions could regain the right to privacy for its citizens now. This while a July 2001 report on Echelon, the NSA/GCHQ precursor program to the current alphabet soup, explained the scope of the problem of electronic dragnet surveillance and made practical and detailed recomendations that would have protected Europeans and their institutions had they been implemented. Currently only Germany has seen the beginnings of policies that will offer some protection for its citizens.

On Friday the 13th of June I will discuss the full scope of the NSA surveillance problem, the available technological and policy solutions and some suggestions about why they have not and are not being implemented (or even discussed).

Slides from lecture are here in ODF and PDF

Klagen over keuzevrijheid

Actieplan Heemskerk3 softwareleveranciers; Unit4Agresso, Afas en Exact beklagen zich in het Financieel Dagblad (voor abonnees) over het EZ-actieplan Nederland Open in Verbinding. Volgens Chris Ouwinga, Bas van der Veldt en Rajesh Patel (de directeuren van de drie bedrijven) is het een probleem dat ‘Heemskerk kritiek op dominantie Microsoft vertaalt in frustrerend beleid voor sector’. En dat het programma bureau Nederland Open in Verbinding de bedrijven niet als partners ziet bij de taak (volgens de directeuren) van NOiV: 'het op het schild heffen van open standaarden'. NOiV ziet haar taakopvatting wat breder.