Omnis systems presentation for the Crypto Party in Brighton - December 2013

1,294 views

Published on

Just a brief presentation about what it has been going on with PRISM, NSA, GCHQ, public cloud services and how it affects your private life

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,294
On SlideShare
0
From Embeds
0
Number of Embeds
146
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Omnis systems presentation for the Crypto Party in Brighton - December 2013

  1. 1. Internet security and privacy. Using Open Source based platforms to protect your rights. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  2. 2. About me Paolo Vecchi – CEO of • Omnis Systems Ltd (UK) • Omnis Systems Srl (Italy) – Scouting and distributing Open Source and Linux based solutions. – Passionate about Linux and security. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  3. 3. What is going on? Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  4. 4. When did it started? It never ended. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  5. 5. When did it started? It never ended. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  6. 6. War on terror started before 2001? Definition of terrorism (US): is the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  7. 7. Maybe there are other reasons? Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  8. 8. Houston we have a problem European Parliament: Report on the existence of a global system for the interception of private and commercial communications (ECHELON interception system) (2001/2098(INI). Published cases of industrial espionage. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  9. 9. A more recent story Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  10. 10. Compulsive hoarding syndrome? Source: theverge.com Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  11. 11. Other channels Lawful interception standards: CALEA (US) & ETSI (EU) Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  12. 12. Going fishing? Undersea fibre connections Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  13. 13. Sneaking inside Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  14. 14. ISP & Telcos Major exchanges Other LEAs ISP & Telcos & their equipment must be CALEA/ ETSI LI compliant Unknown organisations? Your ISP/Telco Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  15. 15. Do ISPs & Cloud providers have a choice? Presentation: ETSI & Lawful Interception of IP traffic RIPE 48 Meeting - 3 to 7 May, 2004 Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  16. 16. NSA/GCHQ not the only problem Inconsistent privacy laws How is your data being used? Not in the USA? You are an “alien” without rights Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  17. 17. Did anybody say “Safe Harbor”? US-EU Safe Harbor is a streamlined process for US companies to comply with the EU Directive 95/46/EC on the protection of personal data. Principles: Notice - Individuals must be informed that their data is being collected and about how it will be used. Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties. Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles. Security - Reasonable efforts must be made to prevent loss of collected information. Data Integrity - Data must be relevant and reliable for the purpose it was collected for. Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate. Enforcement - There must be effective means of enforcing these rules. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  18. 18. Can our laws protect us? Dont bet on it! Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  19. 19. Privacy on public Cloud services Data protection risks of cloud computing (extract from the EU Data Protection Working Party document WP 196 ) Lack of control as cloud clients may no longer be in exclusive control of their data Lack of availability due to lack of interoperability (vendor lock-in) Lack of confidentiality as data could be disclosed to (foreign) law enforcement agencies without a valid EU legal basis and thus a breach of EU data protection law would occur. Lack of intervenability due to the complexity and dynamics of the outsourcing chain Lack of intervenability (data subjects’ rights) Lack of isolation: A cloud provider may use its physical control over data from different clients to link personal data The Data Protection Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  20. 20. A look at public Cloud services Do you really want to give them your money? .. or on site. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  21. 21. Is the Cloud a good deal? Giving away our data and paying for it Disadvantages: No control over the technology No control over future services & features Security issues Requires additional infrastructure for secure communications Loss of data and complex migration to other solutions Difficult to integrate local and legacy services Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  22. 22. Maybe Open Source can do better Open Source can cost less than generic Cloud services Additional benefits: Open Source based solution and infrastructure Low cost/low maintenance in-house solution Reduced storage usage thanks to attachments deduplication It can be integrated with DMS/ECM and Cloud based storage Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  23. 23. Tin foil hat anyone? Protecting our privacy may not be easy … … but we have to start from somewhere Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  24. 24. Whatever you do, think first Simple rules to protect your privacy and freedom: – 1 - am I sure I want to type that? – 2 - go to 1 Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  25. 25. Is encryption the solution? Only if combined with other good practices and tools Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  26. 26. Time for some onions? They are working on it but it can still be a good option. Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  27. 27. Make them run for the money It's too easy! - using public cloud services you lose control on your data - your data will be shared between services - you won't know with whom your data has been shared until it's too late - NSA/GCHQ & Co won't have excuses to ask for bigger budgets Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  28. 28. Decentralisation in Privacy friendly areas Give them millions of small servers instead of few Cloud services Cloud providers want to work with us? Move DC to Europe then. NSA wants data? Must follow EU Data Protection rules. ? Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  29. 29. Use the source They use it They recommend it & sometime use it Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  30. 30. Open Source & Linux www.prism-break.com put together a nice collection of Open Source solutions Soon available on Omnis Systems web site together with business solutions Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  31. 31. So Geeks and Nerds will save us? Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  32. 32. Major contributors to Open Source 1. Red Hat: 12.3% 9. Parallels 1.3% 2. IBM: 7.6% 10. Renesas Technology: 1.3% 3. Novell: 7.6% 11. Academia: 1.2% 4. Intel: 5.3% 12. Fujitsu: 1.1% 5. Independent consultant: 2.5% 13. MontaVista: 1.1% 6. Oracle: 2.4% 14. MIPS Technologies: 1.1% 7. Linux Foundation: 1.6% 15. Analog Devices: 1.0% 8. SGI 1.6% 16. HP: 1.0% Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  33. 33. Open Source / Open Core is good for all of us Increases security Keep control of your data Ready for (UK or EU) Cloud integration Develops local skills Reduces costs Increases local revenues Reduces tax avoidance by international Corporations Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  34. 34. Recommended tools Operative System Collaboration/email suite Browser Private cloud Email clients Office suite Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  35. 35. Open source is ready for a secure business Your app? Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
  36. 36. Questions? Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton

×