@Brenno de Winter: “we do not take security serious enough”

Brenno de Winter is a Dutch research journalist who focuses on IT-security and privacy. He is pretty well known here in the Netherlands for his famous hacking of the OV-chipkaart, the Dutch pass that allows people to pay for public transportation, that was not very well secured. But there are many other cases like database hacks and his famous ‘lektober’ (a combination of the Dutch words for Leaking and October) where he did one leak a day for a month. Brenno is also quite the storyteller. With no slides he told us about his experiences so far, his view on the world and how we can create our own turning point when it comes to online privacy.

“There always a dossier or a profile somewhere”, that’s one of the disturbing observations he has made over the years. No matter who, you can always fit somewhere in a data-profile that is focused on personal risk analysis. Wether it’s a government, a national safety services of a insurance company. You can get in touch with someone who is on ‘a list’ and then your on a list as well. Meeting with someone without bringing your smartphone? That could be behavior that might point to the avoidance of tracking possibilities. And sometimes there are people that a on a list or fit a profile who shouldn’t. It’s often the combination of data points that create a correlation that might not be true or valid at all. That’s pretty scary and we should not want to live in such a world, according to Brenno.

But “we do not take security serious”, Brenno also said. For every hack he has done or leak he has exposed, there wasn’t enough follow up. Every security breach created a little buzz, but it soon became quit. Media and politicians did not pay any attention to it anymore. But we as individuals also dont’t take security very serious with passwords like ’1234′ or ‘password1′. A lot of the local governments fit this problem. However there was one story about a mayor that saw the hack (eventually) as a turning point and set out the ambition to be the safest IT-region of the country.

Which brings us to most important message Brenno had to tell us: we have agency in creating a turning point. Brenno arrives at PRISM, which he thinks is not an effective system and even comes close to the practice of the Stasi. PRISM should be the turning point, the end of the line. No further then this. We need to create new technology based on a more European mindset, with more privacy embedded. We need to turn this negative into a positive.

When talking about his motivation, Brenno says he believes in the change we can make. But more so; he does not believe in the way we handle things now. Monitoring people, server back doors, lacking security. He points to Edward Snowden, the whistleblower that brought PRIMS to the surface. That’s motivation, that’s why people like Brenno and Snowden do this. Brenno recommends everyone to watch the interview with Snowden about his motivation. You will find the video HERE.

I felt like Brenno’s story really made an impact on the audience. A nice combination of serious reflections and a call to action, wrapped in a humorous story. For more on Brenno, make sure you follow him on Twitter

For more coverage of our VINT symposium follow the blog. We got more blogs coming up in the next couple of days. You might also want to download the Dutch raport: Your Big Data Potential: The art of the Possible. Photos of the event are on Facebook