Security quotes of the week
[Posted June 26, 2013 by jake]
In the long run, I suspect they will result in more deeply buried and impenetrable surveillance empires -- both in the U.S. and around the world -- and a determined sense by their proponents that in the future, the relative transparency we had this time around would be banished forever.
In the short run, we may see some small victories -- like Web firms being permitted by the government to more effectively defend themselves against false accusations, and perhaps a bit more transparency related to the court actions that enable and (at least in theory) monitor these programs.
But beyond that, while hope springs eternal, logic suggests that prospects for the masters of surveillance around the world have not been significantly dimmed, and in fact may have actually obtained a longer-term boost.
— Lauren Weinstein
Conspiracy theorists may be unsurprised that:
- Microsoft's support for PFS is conspicuous by its absence across Internet Explorer, IIS, and some of its own web sites. Apple's support for PFS in Safari is only slightly better.
- Russia, long-time target of US spies, is the home of the developer of nginx, the web server which uses PFS most often.
- Almost all of the websites run by companies involved in the PRISM programme do not use PFS.
— Netcraft looks into perfect forward secrecy (PFS)
All of this mapping of vulnerabilities and keeping them secret for offensive use makes the Internet less secure, and these pretargeted, ready-to-unleash cyberweapons are destabilizing forces on international relationships. Rooting around other countries' networks, analyzing vulnerabilities, creating back doors, and leaving logic bombs could easily be construed as acts of war. And all it takes is one overachieving national leader for this all to tumble into actual war.
It's time to stop the madness. Yes, our military needs to invest in cyberwar capabilities, but we also need international rules of cyberwar, more transparency from our own government on what we are and are not doing, international cooperation between governments, and viable cyberweapons treaties. Yes, these are difficult. Yes, it's a long, slow process. Yes, there won't be international consensus, certainly not in the beginning. But even with all of those problems, it's a better path to go down than the one we're on now.
— Bruce Schneier
Just as important was what the Japanese government and people did not
do. They didn't panic. They didn't make sweeping changes to their way of
life. They didn't implement a vast system of domestic surveillance. They
didn't suspend basic civil rights. They didn't begin to capture, torture,
and kill without due process. They didn't, in other words, allow themselves
to be terrorized. Instead, they addressed the threat. They investigated and
arrested the cult's leadership. They tried them in civilian courts and
earned convictions through due process. They buried their dead. They
mourned. And they moved on. In every sense, it was a rational, adult,
mature response to a terrible terrorist act, one that remained largely in
keeping with liberal democratic ideals.
— Freddie on the Japanese reaction to the Aum Shinrikyo terrorism (from the L'Hôte blog)