Skip to main content

Estonian IT security chief: "I don't want to use American encryption anymore"

During a panel discussion at the Forum for International Cybersecurity (opens in new tab) (FIC) in Lille, a leading Estonian cybersecurity expert has called for Europe to abandon American systems of encryption.

Jaan Priisalu, the director general of Estonian Information System's Authority, said "I don't want to use the American standard anymore. Let's develop a European form of encryption."

The comments come amid a scandal in which RSA was reported to have received $10 million to install a back door in their encryption (opens in new tab) for the American National Security Agency.

Among the problems Priisalu identified were the increasing length of RSA encryption keys.

"It is clear that the keys for RSA are ridiculously long already," he said.

He suggested that Elliptic Curve Crytpography (ECC) could be a way forward in the future, but that the proliferation of patent applications had made it a thorny issue.

"A possible next step after the RSA would be Elliptic Curve Cryptography," he said. "However, there are actually 294 patent applications for ECC methods in Europe and each of them could be applied in Estonia if need be."

Priisalu also urged governments to recognise "the need for enforced legislation on banks' cooperation on cyber security."

"We need cyber security because our dependence level is so high," he argued, "Without computers, society begins to collapse. We did a study and found that in terms of critical infrastructure like hospitals and emergency services, 90 per cent of services are dependent in some way on IT."

Complete IT dependency could become a problem in the future, he claimed.

"In terms of IT, there is no low tech solution anymore. Up to 30 per cent of these critical services simply don't work at all if there is an IT failure."

"When you create a dependency for society on your services, you have to pay the price," he went on, "and that price is properly securing your IT networks."

"It's government's task to regulate services," Priisalu added to finish. "And they have to do so on behalf of the private sector."

More from FIC 2014:

Prominent lawyer: Does the cloud have international borders? (opens in new tab)

US Navy professor defends PRISM, calls Internet "a lawless frontier" (opens in new tab)

French defence minister calls for unified front against cyber crime (opens in new tab)

Palo Alto director: "We could see AI in antivirus in the next 5-10 years" (opens in new tab)

FireEye expert: Analysing the "flow of data" is the only way to detect new threats (opens in new tab)

Paul Cooper
Paul Cooper

Paul has worked as an archivist, editor and journalist, and has a PhD in the cultural and literary significance of ruins. His writing has appeared in the New York Times, The BBC, The Atlantic, National Geographic, and Discover Magazine, and he was previously Staff Writer and Journalist at ITProPortal.