A year ago, the Snowden revelations were just beginning to shock the world. And today, we are better off because of Edward Snowden's actions, says Mikko Hypponen, security expert and F-Secure’s chief research officer. Companies and consumers are more privacy-minded and thinking about what's happening to their data. And a global conversation is being held about complex issues of technology, security and privacy. Hypponen answered questions about the impact on the security industry, the change in behaviour of consumers versus businesses, and the most important leaks of the year.
What were the major events of the Snowden leaks in your eyes?
The initial leak, PRISM, was crucial. It opened up our eyes that these services we all know and use, like Google and Apple, are being watched. The revelation that phone calls of foreign leaders like Angela Merkel were being spied on was important – although not necessarily surprising. The leak of the NSA ANT catalog in December showed just how advanced the technology used by the NSA is. It gave technical details about the kind of surveillance gear they already had five years ago. The Quantum leak showed how the US is actively using web exploit kits against their targets. And finally, the leak from Glen Greenwald's new book shows that the NSA has access to Microsoft SkyDrive, or OneDrive. We didn't know until now that SkyDrive is available to the NSA, too.
Which revelation surprised you the most?
The revelation that Britain’s surveillance agency, GCHQ, spied on people’s webcam chats. What in the world were they thinking?
Did the Snowden leaks impact how security vendors do business?
Definitely. Especially companies outside the US. We now feel we have a responsibility to provide for customers all over the world who would rather do business with non-US companies. Companywise, in the 23 years I've been with F-Secure, our company has never changed as much as it has the past year. We've changed our look, slogan and mission, started new business areas, and we've released more new products than any year before, several of which are centered around privacy.
How about the handling of customer data?
The revelations didn't have much impact on how F-Secure handles customer data, because we've always been very privacy-centric. But they were a big reason why we recently published a whitepaper that details data collection for our Internet Security products. In the past year, people have become more concerned about what happens to their data. Security software is very low level and has wide access to the system, so as a security vendor, we wanted to be up front. We became the first and, so far, only security vendor to document what kind of data we collect on end user systems and how we anonymise it. We challenge other security vendors to do the same.
> See also: NSA leaks cause IT security execs to rethink administrative privileges
Did people really leave US Internet services?
When people learned about the revelations, many said they didn't want to store their data in big US services anymore. But in practice, there has been no massive shift among consumers. It takes time and effort to leave old services and take up new ones. Businesses, on the other hand, are very much moving their data away from US clouds. They know that when they store data in US clouds, the US government has a right to look at that data, and they must take that very seriously.
Where do you still see alternative services to US services missing?
Where are the mainstream European search engines? Web mails? Cloud storage services? These questions are part of the reason F-Secure has decided to enter the cloud storage space – because we didn't see European alternatives, and we see it as our own responsibility to provide one.
How has the US government behaved in your opinion? Any improvements in sight?
They have made changes already. But practically all the changes we've seen have been to improve the privacy of US citizens, not foreigners. Politicians have to keep their voters satisfied, and we foreigners won't be able to vote them out of their positions.
> See also: Companies that lose sensitive information should be punished, say UK consumers
What gives you hope?
Edward Snowden gives me hope. Here's a guy who sacrificed all to save us, and we the citizens of the world should be thankful. Not everything he did was technically right – he broke the trust of his employer and his NDA, but nevertheless he did the right thing. Now we know a lot about surveillance the Five Eyes countries are conducting. Other countries are spying as well, we just don’t have concrete evidence about it yet because they haven’t had their Snowdens. So I hope we get more Snowdens from other superpowers.
What do you expect the leaders of the world to do?
Instead maybe we should answer the question "What should normal people do?" Normal people shouldn't be worried, they should be outraged. The way to change things is through the political process. Vote, talk to your representatives, make your opinions count and join our Digital Freedom movement.