What we're trying to do at Yahoo is build our products so they're safe and trustworthy, not just secure.
I think... all of the best public cryptographers in the world would agree that you can't really build back doors in crypto. That it's like drilling a hole in the windshield.
There are major funding gaps for security research generally, particularly when it comes to defensive security practices and tools that will contribute to the protection and defense of the Internet.
I generally use 'threat intelligence' when I'm talking about a product packaged and sold by a dedicated commercial entity and 'information sharing' as something that happens between security teams at trusted parties without remuneration.
A lot of the people who are hacking on behalf of governments are doing so on a contract basis. And they also do other things. They will hack on behalf of spammers, and will just be hired for a specific job.
Developing safe products for people around the world will mean accounting for a much wider variety of devices, networks, infrastructure, and political environments.
Preventing surveillance of millions of people at a time is totally within our ability.
I don't think it's wrong for companies to work with the government. What's important is being trustworthy and honest with customers.
There are a lot of Yahoo users who live in countries where their freedom of expression and freedom of association are not respected and where the government is trying to put malware on their computers to track them.
Being a CISO is a tough job. I have the end responsibility for the personal information of over a billion people.
If you break into an oil company and you're able to find out what gas leases they're interested in, that could be a multi-billion dollar swing in value for one company over another over a multi-decade period.
Tech companies are famous for providing freedom for engineers to customize their environments & experiment with new tools... allowing for this freedom helps creativity and productivity.