Mikko Hypponen: better digital security needs more European startups

We've handed over our data to American companies, and given up our privacy with it. We need to understand what the threats are - and to build an European online world that keeps our data safe, says Mikko Hypponen of F-Secure.

Mikko Hypponen is CRO of F-Secure

WARNING: Liveblogging – prone to error and inaccuracy. Will be updated/improved over the next 48 hours.

The first step in defending yourself online is understanding who the attackers are. An attack from criminals is very different from attacks led by national governments.

People attack to:

  • make money – criminals
  • protest or make a point – hacktivists
  • gather security information or wage war – governments

The arrival of the last group is the big change.

Cryptocurrencies have started to change the environment. There are viruses that turn computers – and Android phones – into currency miners. There are ransom attacks, that use unbreakable encryption to render your data inaccessible until you pay up. We will see infected toasters as devices become more connected.

The organisations that aren’t financially motivated are more complicated. They’re almost never random. They usually have a beef they aim to settle. They do their protests online, and not in the physical world. Criminals don’t care who you are – they just want the money. Hacktivists pick their targets, and for a reason.

The dawn of political digital attacks

When the web came around, the powers that be ignored it. Politicians could not have cared less about the web in 1994. The web effectively began in 1994 – that’s when most people became aware of it. F-Secure launched their website in April 1994 – they were the 17th website in Finland. Decision makers don’t ignore it anymore. And they’ve realised that the internet can be used to do surveillance on us – and on overseas users. The NSA’s Prism programme is perfectly legal – because once we hand our data over to US companies, we no longer have privacy rights in the US.

This makes people feel powerless. What can we do to fight them? Nothing.

That’s not true.

It’s wrong and it can be fought. It can be fought technologically, and it can be found politically. We should be outraged – we did not create the internet to be used for global surveillance – and it’s not right that’s what we’re leaving to our children. The superpowers are using the internet as one of their colonies, as if they were our masters. Mr Snowden is a powerful man, and we should be grateful to him.

Obama was happy to report that in 6 years we went from less than 10% of the world’s smartphones operating on US operating systems to over 80%. Those phones can be attacked now – legally, by the US government.

Targeted versus blanket surveillance

There’s no problem with targeted surveillance. The need for that is clear. Angela Merkel – as a world leader – is an understandable target. Your mother? She’s not a valid target (unless she’s a world leader or…).

We give away our secrets every day. Google’s search suggestions give away secrets – our families don’t know us well as the internet does.

We shouldn’t give away all our secrets to foreign powers. The USA is on the wire, because there are so many large US internet companies. Can you name five large European internet companies as easily as you can five US ones? SAP is our biggest one – and it’s larger than the next five combined. We’ve been failing to create new services for years – and we sell our rare successes to US companies. That’s what we need to change.

We need to move as much of the startup activity away from Silicon Valley as we can. Our young people shouldn’t be going to San Fransisco – they should be staying here.