When it comes to security and privacy, one of the starkest anomalies of our social common sense lies in this contradiction: On the one hand, government and industry are intensely concerned about cybersecurity, breaches of which have to date caused tremendous havoc while not yet causing the mass casualties that targeted attacks on elements of critical infrastructure could yield. The pressure on enterprises and government operations is to “better secure” their networks, systems and data. In some cases, government will even sue enterprises for data breaches. On the other hand, the government agencies at the epicenter of the cybersecurity concern have been shown to participate in the very activities they are trying to defend against. They have engaged in massive breaches and compromises of internet security. When faced with the commercial reaction — Apple’s security on iOS, for example — to implement strong encryption and enable user control over the keys (i.e., no corporate back-door), security agencies cry foul and demand that these firms create a weakness for government exploitation. Add to this the fact that these agencies cannot themselves control the actions of the individuals working for them. Edward Snowden is the most obvious example of an individual who — to draw on Mikko Hyponnen’s analogy in The Internet is On Fire — pulled a fire alarm and walked away with a trove of classified data. But the better examples of the challenges of insider security come from the far more mundane and everyday abuses driven by personal concerns and errors. These may not occur “every day,” but demonstrate that even the most security conscious organizations on the planet suffer failures. The logical argument against back-doors is that it’s just a matter of time before some individual reveals the secret, using or allowing it to be used it in an inappropriate way.
The madness will continue until we break away from this broken conversation.
Postscript: http://m.spiegel.de/international/germany/a-1010361.html#spRedirectedFrom=www&referrrer=http://t.co/urL1IR2EvD
No comments:
Post a Comment