12 April 2005

Sum Up Of Security Strategy Conference

Taking part in the democratic process, pushing Open Source and privacy

I had thought about mobile blogging more of the conference, but it got too tiresome with the tiny mobile phone keyboard. Here are some notes and thoughts though. Overall the day was a surprisingly good experience. Don't expect too much to come out of it; politicians are going to turn it their way anyway. Read on...

My last report had ended with Diomedes Spinelli talking on Open Source. Thinking back, I believe he could have put more fire into it. But Open Source crept in on a couple of other occasions. After all, security is today one of the big reasons for Open Source.

After the coffee break came the second batch of speakers, talking more about the involvement of users, providers, banks, and consumers. Despoina Polemi, a female professor from the Uni of Pireus, started with some security related projects that involved digital signatures, encryption, smart cards and the like, used for example for digital prescriptions in the health industry (my words). Then there was a guy from the Bank of Greece who gave a very interesting speech. He basically laid out the list of rules the Bank of Greece handed to Greek banks a couple of weeks ago. These cover all kinds of security related matters in respect to computer security. They now demand two levels of authentication for internet banking, not just username/password any more, but some kind of smartcard, strike list, whatever. Very good, given that for example Alpha Bank currently uses only username/password and restricts the password to 8 characters.

I won't list each and every speaker, just some that left a strong impression. Stelios Maistros from the Greek CERT talked about their work, some statistics, and went so far as to mention Bruce Schneier and his book "Beyond Fear". Coincidentally I'm just rereading that book; I think it is definitely the book for these suits to read. But I don't think the suits will actually go so far as to pick up a book and really go and gulp it. Speakers from the Greek Internet Users Union talked about digital signatures that are required by some organizations but can be obtained only through American companies. They and the guy from the Workers Union pointed out problems with privacy in modern technology.

After a hefty good lunch (thanks go to the Greek Democracy for inviting me in) we went in for the 3rd session: talks about Security, Trust and Development. Standing out was George Epitideios from the Greek Internet Professionals Union. Not only was his style of talk interesting, with lots of lively examples and involvement of the audience, but he also gave good information and advice around the question of security problems and public image. Another talk was about why companies hesitate to sell products online and why consumers hesitate to shop.

After we had heard all the talks, three smaller rooms awaited us, where we would discuss and work on the three topics of the day (1: Globalisation and the Greek outlook, more of a strategy thing. 2: Consumers, Privacy, Banks, Providers. 3: Security, Trust and Development.) I chose to go into room 2, as some points in the banking talks had raised my interest.

In the workgroup I was only listening at first. There were representatives of banks, internet and communications providers, user groups, uni people. Quite often someone would speak up: "We as the xy want that abc happens." The Greek democratic process at work. The paper from the Bank of Greece was thought to be sufficient. I spoke up that I had missed one question in there though: When something really goes wrong (and something always does), who will pay? The bank or the customer? It's not so long ago that the banks denied any claims from customers who had been victims of small cameras and spoofed card readers on ATMs, on the basis that their systems are totally safe. So the question of liability got into the paper.

Later I also gave my opinions about digital signatures (which have a terrible way of breaking down on citizens when they are issued and managed by government; just imagine having to defend against someone abusing your "official ID digital signature"), which was one of the big points of the user groups and some providers' representatives. The telco people were mainly worried about the chaos around privacy questions: On one hand privacy laws dictate that they erase customer trace data, on the other hand law enforcement obliges them to keep that stuff around. Now what do you answer customers who want their records erased? We also got the demand for open standards into our list, for government projects and banking interfaces.

All workgroups summed up their findings in the big room at the end. Most notable at this point was that Open Source and open standards had come up in all three topics. Few attendees had remained till the end, but for me it was worth it. At the end I want to mention what the guy from one of the telcos told me though. He did not expect anything to come out of it. Politicians do what they want, and then there is still the EU. We Swiss have a bit of a different expectation about democracy. So let's see and hope for the best. Personally it was a fun day.

About Bruce Schneier

I should get Beyond Fear, seems like a good read.
He also has a blog on security :-)

Posted by: Rodolfo Gouveia at April 13, 2005 09:25
Re: About Bruce Schneier

Added his blog to my list. Indeed a good idea to check back. Beyond Fear is definitely good, but not really very, very, worldbreaking good. Definitely a book that politicians should read, if politicians ever read books.

Posted by: betabug at April 13, 2005 10:00
