Five lessons from ISSE 2018 Brussels

I landed at Brussels Airport late at night. Walking through the terminal, it looked like anywhere else in the world. Am I really in Belgium? I thought. After passing a few gates I was in front of a huge Tintin rocket. Oh yes, this is Belgium. During the rest of my journey I could see what also makes Brussels special: the forests of European flags. No doubt all European countries are well represented in Brussels, but would I find harmony in their digital services? And how do European businesses treat cybersecurity and digital identity? Only attending ISSE would answer that for me.

ISSE is a conference organized by EEMA (the European Association for e-identity and security), and this year it gathered nearly 200 attendees from all over Europe. EEMA just launched go.eID.AS, an initiative to promote eIDAS across Europe and beyond. Let’s re-live five moments of this year’s conference (6-7 November 2018) in Brussels.

Will robots need passports?

The most popular session (Twitter doesn’t lie, does it?) was David Birch’s “Will robots need passports? – How can we manage the identity of everything.” Birch was one of the most passionate speakers who addressed the plenary. He opened by referring to a saying from 20 years ago, “On the Internet, no-one knows you’re a dog,” and showed how things have evolved, so that in the near future the reality will instead be “On the Internet, no-one knows you’re a Russian bot that’s hacked a fridge and is pretending to be a dog.” This is where we’re going next. Closing his talk, he answered the question “Will robots have a passport?” Yes, but they won’t have the most important stamp: IS_A_PERSON.

Round table debates

There was also a 90-minute session in which attendees split into tables to discuss their own topics of interest: “Passwords are dead,” “Will AI and robots take over humans,” “GDPR and consent,” among others. I joined the GDPR table, in which I was lucky to have Mark Lizar (Open Consent), Carolyn Harrison (Assured Clarity), Pieter De Backer (Argeüs) and other GDPR experts. It was a really heated debate. We recalled the hysteria when 25th May was approaching, when we saw that flood of emails coming to everyone, which created a huge usability and security problem. Some bad guys took advantage of the situation and sent phishing messages. If you received 100 emails in a single week from sites you hardly remembered, how could you tell whether all of them came from real companies? Consent is indeed only one of the six lawful grounds for processing data under GDPR. When the time was up, Harrison stood up and asked the whole auditorium: “Hands up if you believe that GDPR is good.” The vast majority did.

LIGHTest Use Cases

LIGHTest is a project that answers the dilemma: in this increasingly connected world, how do I know that the person or company that wants to do electronic business with me is really who they claim to be? Is this person legally representing a company? Can I trust the document that is on my screen? And so on. LIGHTest aims to prove that using DNS (an old but ubiquitous Internet technology) is an effective way to create trustworthy communications to solve today’s problems and comply with GDPR, eIDAS and national laws. Spain’s Correos was present at ISSE and showed a list of applications (e.g. MyMailbox) that are making LIGHTest a reality. Ubisecure is proud to be part of LIGHTest.

Kantara Consent Receipt interoperability demo

The world needs open standards. I participated in the “Kantara Project” session. Mark Lizar started with an eye-opening presentation, “Operational Privacy, Security and Surveillance,” in which he revealed the truth that privacy is an operational problem that, from the security point of view, leads to social engineering. Surveillance 2.0 has also been born, with the Chinese government as the most notorious example. Face recognition cameras across the country feed China’s Social Credit System. If you don’t stop in front of a crosswalk or at a stop sign, you lose points. If your social credit is low, you’re blocked from domestic flights, your children can’t go to good schools, you’re banned from a good job, your Internet speeds are throttled, and you can even lose your pet. Lizar and Open Consent propose Consent Based Governance, which in practice is achieved with a Communication Governance Protocol to maintain operational state. Consent receipts are the key element that ensures a “shared mental model” between people and companies. Following Lizar, I had the privilege of presenting the Consent Receipt interoperability demo. By using our handy “Ubisecure Bookshop” application, I showed how a user who is prompted with “Special offers to your mailbox?” will have the option to give consent and get a consent receipt. Inside the consent receipt, the details of the transaction, contact details of the data subject, privacy policy and the purposes for which I gave consent to use my data will be recorded. Consent receipts are a missing piece in the vast majority of today’s Internet services. Colin Wallis closed the session and gave more examples of the great work that Kantara Initiative does to build open standards that benefit people accessing the Internet.

The cryptographic year in perspective

Professor Bart Preneel from KU Leuven delivered the closing keynote. Truly enlightening. He presented the most remarkable news from this year in cryptography. Quantum computing, which is not as useful as some people think, will be used to crack today’s cryptosystems, but Preneel estimates that it will not happen until 10 years from now. Crypto wars have just started and governments are looking for ways to do law enforcement. For now, their best way is to exploit security weaknesses of commercial hardware and software and use them without telling the vendors. What governments would dream of is having cryptographers create backdoors for them. Preneel’s talk was full of revealing photos, and he even showed a couple of videos of high-end cars being hacked and stolen with inexpensive tools. Towards the end, Preneel reflected on what Europe can do to protect itself, and his final words were: Europe needs open standards. We couldn’t agree more.

ISSE 2018 was a great opportunity to catch up on the latest and meet professionals who are devotedly working to bring security and harmony to European digital services. There were so many real cases (payment systems, digital signatures, digital identity), which highlight both challenges and opportunities for businesses and society.

Thank you EEMA for organizing ISSE and bringing Europe together. Thank you John Bullard for the formidable V.I.P. Gin tasting (Bullards is looking for ginvestors). Thank you IBM for being a great host. If you missed ISSE 2018, come next year. À la prochaine, Bruxelles!