On Internet Security and Internet Freedom (Welcoming Remarks of Day 2 of the 14th Info-security Conference)
On Internet Security and Internet Freedom
Welcoming Remarks of Day 2 of the 14th Info-security Conference
Good morning, ladies and gentlemen. I am honored to have the opportunity to address you on this second day of this 14th Info-security Conference.
Yes, information security continues to be one of the hottest topics in ICT,
whether we are talking about the many cyber threats faced by individual users of the Internet and mobile devices all around us, or by businesses large or small, or the organized attacks between nations and groups of hackers, often targeting our critical infrastructures and even national and government institutions. It has often been said that the future warfare will no longer be conventional – it will be cyber.
Just this morning, you may have heard on the morning news that network security will be a major topic of discussion between Chinese President Xi Jinping and US President Barack Obama, when Mr Xi visits Mr Obama next week in California. The news story also referred to a Washington Post report that a leaked US government confidential report has listed over thirty US weapon system designs that has been compromised and obtained by Chinese ‘cyberspies.’
Closer to home, phishing and malware attacks against targeted political figures are nothing new to us, and in the past several months, we have been noticing a new wave of such attacks, often using some of the latest APT techniques, but also via the good old method of email attachments, targeting particular political parties and figures who are involved in controversial local political movements such as Occupy Central and the Alliance for True Democracy.
Well, yesterday morning, our keynote speaker Mr Edward Gibson talked to us about many of the interesting behavioral aspects of information security, and how many of us seem to downplay or ignore these risks around us. We have heard all these stories about cyber threats but somehow when our hands are on the keyboard and mouse of our PCs and the touchscreens of our mobile devices, we forget about all these precautions we have been told to take. Mr Gibson reminds us the need the talk to our children to beware about what they do on the Internet, what they are possibly exposing irreversibly on the Internet every day, every minute. These are truly good reminders and advice for all of us.
However, as we take note of these latest threats and contemplate how to deal with them, such as what we will discuss in this conference today about cloud security and big data, I think we should also take note of the potential conflicts of information security threats against information freedom, and Internet freedom in particular. Governments around the world often make use of protecting the security of the Internet, or the welfare and privacy of children and other citizens, as reasons for tightening their control of the Internet.
Censorship attempts are becoming more blatant. People have gotten used to the Great Firewall of China as a way of life and nothing wrong and taken for granted. From June 1, websites that report Singapore news and reaching 50,000 people or more will need to be licensed to operate in Singapore. In the end, information security concerns may prove to be the ultimate excuse for governments to dip their hands into the cookie jar called the Internet, curbing the people’s rights of free flow of information and the freedom of expression that they have just begun to discover, and the technologies that the people have just begun to utilize in the last two decades, often causing headaches and embarrassment or even downfall of governments around the world, such as Wikileaks and the Jasmine Revolution.
So we have to be careful about striking the balance between information security and information freedom. Indeed, I will propose a non-binding motion debate next week in the Legislative Council to call for our administration to respect and protect the freedom of information flow, freedom of the press and freedom of the Internet, and with that I hope to raise further attention on the potential threats we face against our core value of our freedom of speech and expression.
On this front of the need to strike a balance between information freedom, just as we face the threats of information security, don't just look to governments for leadership, as we can never to be sure whether they are more a part of the problem or a part of the solution, putting it mildly I think. Instead, I hope forums and discussions like this one will continue to remind us of our own roles and responsibilities as citizens and the real owners of the Internet – recalling the often quoted cliché that the Internet is owned not by any government, one notion that many governments around us are trying to change. In the end we are responsible for our own personal information security, as well as the security of the Internet at large.
As I often like to quote: don’t ask what the Internet can do for us, think of what we can do for the Internet. Thank you. And I wish the second day of this conference a great success.
(Photo courtesy of Mike Lo)