Security quotes of the week

[Posted July 8, 2015 by jake]

Strong encryption would still be available from foreign providers. Some say that any competent Internet user would be able to download strong encryption technology, or install an app allowing encrypted communications — regardless of restrictions on American businesses.

— A glimmer of thought about encryption restrictions from an unexpected source, the US Congress: Senator Patrick Leahy

As computer scientists with extensive security and systems experience, we believe that law enforcement has failed to account for the risks inherent in exceptional access systems. Based on our considerable expertise in real-world applications, we know that such risks lurk in the technical details. In this report we examine whether it is technically and operationally feasible to meet law enforcement’s call for exceptional access without causing large-scale security vulnerabilities. We take no issue here with law enforcement’s desire to execute lawful surveillance orders when they meet the requirements of human rights and the rule of law. Our strong recommendation is that anyone proposing regulations should first present concrete technical requirements, which industry, academics, and the public can analyze for technical weaknesses and for hidden costs.

— Fifteen cryptographers [PDF] in a report on "Mandating insecurity"

It's one thing to have dissatisfied customers. It's another to have dissatisfied customers with death squads. I don't think the company is going to survive this.

— Bruce Schneier on the Hacking Team leak and aftermath

Shorter 15 Cryptographers

Posted Jul 11, 2015 14:45 UTC (Sat) by smitty_one_each (subscriber, #28989) [Link]

>Our strong recommendation is that anyone proposing regulations should first present concrete technical requirements, which industry, academics, and the public can analyze for technical weaknesses and for hidden costs.

"We told you so."

Security quotes of the week

Posted Jul 12, 2015 6:42 UTC (Sun) by marcH (subscriber, #57642) [Link] (5 responses)

> Strong encryption would still be available from foreign providers.

Indeed: it's very generous from the NSA and some US senators to go and try to boost foreign IT industries. They needed it.

Security quotes of the week

Posted Jul 12, 2015 10:41 UTC (Sun) by alonz (subscriber, #815) [Link] (4 responses)

Their next step will be to try and force all foreign governments to adopt the same (or worse) legislation, using secretive trade agreements like TPP.

Security quotes of the week

Posted Jul 12, 2015 17:48 UTC (Sun) by marcH (subscriber, #57642) [Link] (3 responses)

If you meant asking for instance the Chinese government to install Chinese backdoors in Chinese products through some TPP-like agreement, then it could work (ignoring for one minute that these backdoors must already be there)

If you meant asking the Chinese government to install US backdoors in Chinese products, then... you must have been joking :-) Trade agreements are rooted deep in fairness; or at least the very strong appearance of it.

Security quotes of the week

Posted Jul 12, 2015 23:38 UTC (Sun) by mathstuf (subscriber, #69389) [Link] (2 responses)

Fairness for businesses mainly. Typical citizens can get screwed over, and with the new ones, governments can be sued for lost profits due to things like environmental regulations.

Security quotes of the week

Posted Jul 13, 2015 7:44 UTC (Mon) by marcH (subscriber, #57642) [Link] (1 responses)

> Fairness for businesses mainly. Typical citizens can get screwed over,

All typical citizens from all countries can get *equally* screwed over - no particular preference.

Security quotes of the week

Posted Jul 13, 2015 12:48 UTC (Mon) by mathstuf (subscriber, #69389) [Link]

Yeah. There's certainly horizontal fairness. I'm more looking for some vertical fairness.