The backbone of relationships in the IT sector is trust

Fabasoft CEO Helmut Fallmann comments on futurezone’s June 20, 2014 interview with Norbert Haslacher, CSCAustria & Eastern Europe CEO

The revelations of the espionage practices of the NSA and the British GCHQ’s have shaken many professional user’s faith in IT security. Serious providers, including those who take the issue of security seriously, will have to work very hard to regain customers’ trust in the integrity and security of data stored in the cloud. I agree to some extent with what Norbert Haslacher, the CEO of the CSC in Austria & Eastern Europe, said in his June 20, 2014 interview with futurezone. In light of the nearly paranoid data-mining activities of international intelligence agencies, one necessary step towards restoring confidence would be to disclose the terms that European governments have negotiated with the NSA regarding the sharing of private data. Precisely such a heightening of data protection and this higher transparency at intergovernmental data transfer constitute a central element of the new European basic data protection regulation.

Despite the truth of these words being incontestable, hearing them from the mouth of the high representative of a global corporation such as the CSC(Computer Science Corporation) headquartered in the U.S. still gives me a certain disconcertment. It would not have escaped anyone who has so much as occasionally read well-known publications such as the Süddeutsche Zeitung or Guardian in the past that the CSC, which has a contract with the government, is accused of aiding and abetting in the espionage activities of the NSA!

The fact that the CSC is listed as a contract partner in nearly every sector in which the government collects and processes highly sensitive private data – and that in countries such as Germany and the U.K, in which data protection regulations are being either eroded or legally undermined – is especially unsettling. In Germany, the CSC’s involvements include working the visa information service of the U.S. Embassy as well as with the Federal Criminal Police Office regarding the constitutionality of the “Bundestrojaner” (State Trojan) spying software’s source code and the issuing of firearms licenses and ID cards. In the UK, the CSC is currently working with Home Office to improve border controls and refine the UK visa rules by using advanced biometric procedures. The corporation also supplies IT services to the National Health Service’s (NHS) IT program, which is worth billions of pounds.

I cannot believe that all this access to confidential data and the explanations that German and British governmental authorities have offered to the effect that all these contracts were awarded in good faith and with an eye towards the judicious use of tax money are coincidental. And I do not doubt the credulity of the media who are revealing this information. The Guardian and the Washington Post won this year’s Pulitzer Prize for “public service” for their work on the Snowden case.

Norbert Haslacher’s explicit claim that his subsidiary has no contractual relation to the NSA is right in line with the unconvincing explanations that have been offered in Germany and the UK. But to compete for the big markets of the future, such as infrastructure, cloud, big data, and cyber security, he has to mumble off the mantra of the U.S. tech titans: “The accusations are groundless; we have always operated in accord with the respective country’s laws, and we know how to regain faith in the IT industry.”

Norbert Haslacher is right that the future lies in “service-enabled enterprise” based on cloud computing. He also knows too that trust is the central concept behind this model. If IT firms strive for this paradigm shift and dare to take the leap towards an innovative future, then they should look very closely at a company’s trust framework and reputation with regard to data protection and data security when choosing a provider.

I completely disagree with Norbert Haslacher on one point. We Europeans are not going to step into the ring with global manufacturers of routers and hardware. Nor will we isolate ourselves from other countries in routing our data. But it is precisely the field of software development through which the European cloud industry could improve its standing in the global IT arena – be that, for example, on the basis of open source, via security measures such as implementing scion routings (ETH Zürich, Professor Adrian Perrig) to improve the ability of network infrastructures to withstand hacker attacks, or through the design and selection of cloud locations and their connection via more secure connections based on optical fibers. Is it finally clear why companies such as the CSC don’t want to do anything about the U.S.’s dominance of the global IT industry?