A new coalition of leaders from government, industry and privacy advocacy groups hopes to help provide a framework for reaching a consensus on how to use IT to ensure society's security while protecting individuals' privacy, says Art Coviello, an organizer of the new Digital Equilibrium Project.
The project seeks to help end privacy/security standoffs, such as the recent legal squabble between the FBI and Apple over a Justice Department motion to compel Apple to help the FBI unlock the iPhone used by one of the San Bernardino shooters, Coviello explains in an interview with Information Security Media Group. The government dropped its case against Apple when the FBI received help from a third party to unlock the iPhone (see FBI-Apple Aftermath: Finding the Elusive Compromise).
"The big problem that we face today, and you can see it in the Apple-FBI controversy, is that the various sides are talking past one another, and they're never going to reach agreement, and they're not going to make any progress," says Coviello, who devised the concept for the Digital Equilibrium Project.
But Coviello, former executive chairman of the security company RSA, says the new group will address a broad range of issues, including guidelines for the collection of communications metadata.
In this interview (see audio link below photo), Coviello explains the four fundamental questions the project will address:
What practices should organizations adopt to achieve their goals while protecting the privacy of their customers and other stakeholders? How can organizations continue to improve the protection of their digital infrastructures and adopt privacy management practices that protect their employees? What privacy management practices should governments adopt to maintain civil liberties and expectations of privacy, while ensuring the safety and security of citizens, organizations and critical infrastructure? What norms should countries adopt to protect their sovereignty while enabling global commerce and collaboration against criminal and terrorist threats?Creating a Civil Dialogue
The project organizers will meet this month to determine how to create a forum to facilitate a dialogue.
"If we do nothing other than create conventional wisdom that the only way to make progress on these issues is to have a civil dialogue, I would consider the project to have been successful," Coviello says. "Of course, we want to do more than that. But getting the right people in the right room to start addressing these problems, finding areas of alignment, finding places where we can have genuine compromise - that doesn't compromise principle - that's where we want to start."
Project organizers explained the objectives of the Digital Equilibrium Project in a paper published last month titled Advancing the Dialogue on Privacy and Security in the Connected World.
Coviello joined the venture capital firm Rally Ventures when he retired from RSA, the security division of EMC. During his two-decade career at RSA, the company evolved from its roots in authentication and encryption to the emerging areas of information security, including security analytics, identity and governance, and risk and compliance.
Besides Coviello, other project organizing members include:
Stewart Baker, former first assistant secretary of the Department of Homeland Security; Tim Belcher, former CTO, RSA; Jim Bidzos, CEO, Verisign; Ann Cavoukian, executive director of the Privacy and Big Data Institute at Ryerson University; Larry Clinton, CEO, Internet Security Alliance; Michael Chertoff, former U.S. secretary of homeland security ; Richard Clarke, former White House security adviser; Edward Davis, former Boston police commissioner; Brian Fitzgerald, chief marketing officer, Veracode; Kasha Gauthier, co-chairman of the program committee at the National Initiative on Cyber Education; Trevor Hughes, CEO, International Association of Privacy Professionals; Michael McConnell, former director of the National Security Agency and director of national intelligence; Nuala O'Connor, CEO, Center for Democracy and Technology; and J.R. Williamson, corporate CIO, Northrop Grumman.