An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two)

Numbering: Issue 22.A, Idea: Outliers & Outsiders (Part Eighteen)

Place of Publication: Langley, British Columbia, Canada

Title: In-Sight: Independent Interview-Based Journal

Web Domain: http://www.in-sightjournal.com

Individual Publication Date: March 8, 2020

Issue Publication Date: May 1, 2020

Name of Publisher: In-Sight Publishing

Frequency: Three Times Per Year

Words: 2,509

ISSN 2369-6885

Abstract

Thomas Wolf is a Member of the Giga Society. He discusses: interests in information security, cryptology, and more; improving data privacy; financial services industry work; a fan of Edward Snowden, and liberty issues, mass surveillance, and privacy; the future of data privacy; more on liberty issues, mass surveillance, and privacy; nationalism and xenophobia; and professional interest in program and project management.

Keywords: cryptology, data privacy, general computers, Giga Society, information technology, liberty, mass surveillance, Thomas Wolf.

An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance: Member, Giga Society (Part Two)[1]^,[2]*

*Please see the footnotes, bibliography, and citation style listing after the interview.*

*Original interview conducted between October 21, 2016 and February 29, 2020.*

1. Scott Douglas Jacobsen: You have an interest in information security, and general security and general computer topics. You headed the information security program at a leading international financial service industry (FSI) provider in addition to sending in an application for a cryptology patent. Where is the source of these interests?

Thomas Wolf: As a kid, I had already always been a big science fiction fan, so a major interest in computers had come naturally. Then, in the eighties and early nineties, hacking had become a big thing, and of course, I wanted to be at the front line of it. In 1990, I won a hacking competition, and I actively participated in the hacking community during my time at university. This interest was something that never left me. The cryptology patent application came up by chance. I had criticized my wife for using passwords being far too simple and in danger of being hacked. She asked me why I didn’t invent something to make that password hacking more difficult, so I did. Hopefully, this invention will be of benefit to data privacy for all.

2. Jacobsen: How did the invention to improve data privacy work?

Wolf: As the patent is granted now in Europe and the USA, I can go into some detail here.  Somewhat simplifed, an unknown component is added to the password and needs to be brute-forced by the user’s system on any legitimate logon. The complexity for this is about a million tries, very little even for a current phone or notebook, but as the known and unknown password parts cannot be attacked separately, this factor becomes multiplicative for an attacker, raising the attack difficulty exponentially. This means that use of this invention will render today’s brute-force attacks, by e.g. an NSA supercomputer or a giant botnet, useless against even well humanly memorizable passwords – a major change in the game.

3. Jacobsen: What tasks and responsibilities came with the position in the financial services industry?

Wolf: Heading a major IT program is a great responsibility, although it is mostly standard program management work – strategy definition, projects organization, budget controlling, document review and approval, etc. In my case, however, a whole new dimension was added when I ran into the topic of ethics. In the position, I could utilize my IT security and hacking knowledge to dig a bit deeper than most program managers would have done. I cannot go into details here, as you do have to sign non-disclosure agreements in such positions, but I can say that my previous hacking experiences proved to be quite useful, though not everybody appreciates deep digging in all cases. My original assignment was intended for longer, but it was cut short by the CISO. But then it was replaced instead by some work in internal auditing by the direct mandate of the group’s board. I am happy that this proves I did a good and effective job. Allegorically speaking, sometimes when digging deep you encounter a Balrog, and when you successfully face him, it can make you a stronger person.

4. Jacobsen: You are a fan of Edward Snowden, and liberty issues, mass surveillance, and privacy. Why Snowden? What about him?

Wolf: Snowden is a modern hero, and his actions are a guiding light demonstrating how responsible persons should act – this includes being a role model for my own actions. Nowadays, there are a lot of whistleblowers, but Edward Snowden stands out for several reasons. Firstly, he showed extreme courage and skill – he actively pursued his mission of informing the public and did not leak some information to which he by luck had gained access in some random way. Moreover, he did this under great personal sacrifice, but he did it in an extremely responsible way, not spreading information insufficiently redacted like, e.g., Assange or Manning, but taking the greatest possible care to keep dangerous security-relevant information secret while exposing processes and structures that are morally and ethically wrong and do much more bad than good And perhaps most important of all, he did not blow the lid on some scandalous behaviour of one or another individual, he pointed out a crucial systemic flaw in our political system and a major danger to free society as a whole.

5. Jacobsen: What is the future of data privacy for citizens in the early to middle 21^st century?

Wolf: I hate to say it, but this future looks bleak. Already today, ensuring data privacy is a challenge for companies and private IT professionals. For an amateur, it has become impossible. Orwell’s dystopia has not become a reality yet, but the technological base for it already exists, at least in the field of IT and data. unless we have a major paradigm change soon, I fear for the worst. Unfortunately, most people do not realize yet that governmental invasion of data privacy in all nations, including western democracies, already poses the real and current danger of all citizens being demoted to the level of small children or mental patients who have all their online activities and communication supervised and censored.  In order to avoid this, it would by far not even be enough to carry on and not worsen things, it would be necessary to actively prioritize and implement data protection measures and controls. Which to my deep regret is not something that I see coming.

6. Jacobsen: What are the personal interests in liberty issues, mass surveillance, and privacy?

Wolf: The eighties and their free spirit are the time that shaped me. Information technology was far less advanced back then, but we all felt that we were part of a new age being created, whether you saw it from a hacker’s or from an entrepreneur’s view. Today, we have much greater technological possibilities, but they are, clearly put, broken. Due to bad IT design, unintentionally or intentionally, computers and computer communication often have become risks and problems rather than opportunities and benefits, and that is saddening. Humankind is going down the wrong road, not towards a free world but towards a controlled ant state. We must do everything we can to fix this, or we are giving away the future. The danger of a totalitarian regime has not died with communism, it is more real and strong than ever, only from another direction, i.e. nationalist and xenophobic sentiments. The election of a person like  Trump to US presidency – who demanded a death sentence for Snowden – shockingly demonstrates that danger, but unfortunately that is by no means solely a US problem, it exists in all industrialized nations of today to a varying degree. This is hard to see yet for people not involved in the field of IT, but the decisions of today will shape our future, and the system will be almost impossible to correct in a few years already, if we do not start fixing it now. Besides overpopulation, this is the greatest challenge the world faces. Benjamin Franklin’s quote sums it up perfectly: “Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.”

7. Jacobsen: You mentioned President Trump. Other leaders hold similar nationalist and xenophobic sentiments. What other leaders reflect these views to you? How can the global community attenuate the sentiments and prevent the practices that come from them?

Wolf: We can perform a simulated time travel – or at least the dystopic possibility of it – by moving geographically. If you start in Merkel’s Germany (or pretty much any other continental European nation), you already face intelligence agencies with overly strong authority and capability to invade people’s data privacy. Move to Obama’s USA or Cameron’s UK, and you are where (or when) these activities have reached the point of being incompatible to constitutional provisions. But are being actively carried out anyway. With Trump – if he gets his way – net neutrality will be lost and the technological base for widespread censorship implemented, and probably already utilized to some degree; even worse, a complete loss of the public’s control over secret governmental institutions is unavoidable. In Xi’s China or Erdogan’s Turkey of today – or in a dystopic but well possible future USA and Europe – we see active human rights violations as well as common and strong limitations of free speech. In Kim Jong-un’s North Korea, which could be near-future Turkey or the mid-future western world if things continue to go wrong (at least in the data privacy field), we see a total control of data traffic by the state with every device being traced and monitored and no shred of data privacy at all remaining. The longer we travel into that direction, the harder it will be to still stop the momentum – if still possible at all. Due to technology leadership, the only places where we could still stop this trend would be the western world, i.e. America and Europe. What we would need is a proper and active prioritization of values, freedom over fear of crime and foreign powers. The sadly ironic thing is that exactly the people who advocate measures for physical liberty – through e.g. legal private gun ownership – most often, due to sentiments against foreigners and inevitable globalization, fail to see the real and imminent danger of loss of all liberty through loss of privacy. Even the theoretical right of gun ownership and resistance in case a dictatorship being erected will not help much if the government at some point has a full surveillance of all communication between its critics and of all commercial transactions (including buying guns) in place. People need to realize this topic as a top priority and to start enforce privacy strengthening. But I cannot see of how this could be accomplished easily, we cannot do much more than to continue raising the topic and educating the public about it – maybe interviews this will be of at least a tiny bit of help in that cause.

8. Jacobsen: What about the professional interest in program and project management, especially IT programs?

Wolf: In the seventies, I developed a great fascination with creating computer programs because you could shape an algorithm to perform amazing tasks, solve problems to make this algorithm run more efficiently, express your creativity through this. About twenty years down the road, when computer programs became much more complex and standardized, the programmer’s role (now verbally often downgraded to “coding”) began to change from creator of an individual work (or in some cases even individual piece of art) to manufacturer of pre-defined modules in pre-defined ways, a mere cog in the wheel. To escape this, I moved into software architecture, but this was too detached from actual algorithms. A natural career steep then was to move into IT project management first, then program management (for those unfamiliar with the technical terms: “program” here not in the sense of a computer program, but in the sense of a combined set of projects towards a common goal). To my delight, I experienced that this was bringing me back to what I had always wanted to do: creatively designing and optimizing systems that produced a positive output. Only that the system was no longer a computer program, it was an organizational program – less mathematically defined, but instead interacting with persons and groups, the team and other stakeholders – and offering the degree of freedom in the 2010s that computer programming had offered three to four decades ago.

[1] Member, Giga Society.

[2] Individual Publication Date: March 8, 2020: http://www.in-sightjournal.com/wolf-two; Full Issue Publication Date: May 1, 2020: https://in-sightjournal.com/insight-issues/.

*High range testing (HRT) should be taken with honest skepticism grounded in the limited empirical development of the field at present, even in spite of honest and sincere efforts. If a higher general intelligence score, then the greater the variability in, and margin of error in, the general intelligence scores because of the greater rarity in the population.

Appendix II: Citation Style Listing

American Medical Association (AMA): Jacobsen S. An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two) [Online].March 2020; 22(A). Available from: http://www.in-sightjournal.com/wolf-two.

American Psychological Association (APA, 6^th Edition, 2010): Jacobsen, S.D. (2020, March 8). An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two). Retrieved from http://www.in-sightjournal.com/wolf-two.

Brazilian National Standards (ABNT): JACOBSEN, S. An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two). In-Sight: Independent Interview-Based Journal. 22.A, March. 2020. <http://www.in-sightjournal.com/wolf-two>.

Chicago/Turabian, Author-Date (16^th Edition): Jacobsen, Scott. 2020. “An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two).” In-Sight: Independent Interview-Based Journal. 22.A. http://www.in-sightjournal.com/wolf-two.

Chicago/Turabian, Humanities (16^th Edition): Jacobsen, Scott “An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two).” In-Sight: Independent Interview-Based Journal. 22.A (March 2020). http://www.in-sightjournal.com/wolf-two.

Harvard: Jacobsen, S. 2020, ‘An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two)‘, In-Sight: Independent Interview-Based Journal, vol. 22.A. Available from: <http://www.in-sightjournal.com/wolf-two>.

Harvard, Australian: Jacobsen, S. 2020, ‘An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two)‘, In-Sight: Independent Interview-Based Journal, vol. 22.A., http://www.in-sightjournal.com/wolf-two.

Modern Language Association (MLA, 7^th Edition, 2009): Scott D. Jacobsen. “An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two).” In-Sight: Independent Interview-Based Journal 22.A (2020):March. 2020. Web. <http://www.in-sightjournal.com/wolf-two>.

Vancouver/ICMJE: Jacobsen S. An Interview with Thomas Wolf on Information Security, Cryptology, Data Privacy, Liberty, and Mass Surveillance (Part Two) [Internet]. (2020, March 22(A). Available from: http://www.in-sightjournal.com/wolf-two.

License and Copyright

License

In-Sight Publishing and In-Sight: Independent Interview-Based Journal by Scott Douglas Jacobsen is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Based on a work at www.in-sightjournal.com.

Copyright

© Scott Douglas Jacobsen, and In-Sight Publishing and In-Sight: Independent Interview-Based Journal 2012-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Scott Douglas Jacobsen, and In-Sight Publishing and In-Sight: Independent Interview-Based Journal with appropriate and specific direction to the original content.  All interviewees co-copyright their interview material and may disseminate for their independent purposes.