Security quotes of the week
Strong encryption would still be available from foreign providers. Some say
that any competent Internet user would be able to download strong
encryption technology, or install an app allowing encrypted communications
— regardless of restrictions on American businesses.
— A glimmer of thought about encryption restrictions from an unexpected
source, the US Congress: Senator
Patrick Leahy
As computer scientists with extensive security and systems experience, we believe that
law enforcement has failed to account for the risks inherent in exceptional access systems.
Based on our considerable expertise in real-world applications, we know that such risks
lurk in the technical details. In this report we examine whether it is technically and
operationally feasible to meet law enforcement’s call for exceptional access without causing
large-scale security vulnerabilities. We take no issue here with law enforcement’s desire to
execute lawful surveillance orders when they meet the requirements of human rights and
the rule of law. Our strong recommendation is that anyone proposing regulations should
first present concrete technical requirements, which industry, academics, and the public
can analyze for technical weaknesses and for hidden costs.
— Fifteen
cryptographers [PDF] in a report on "Mandating insecurity"
It's one thing to have dissatisfied customers. It's another to have
dissatisfied customers with death squads. I don't think the company is
going to survive this.
— Bruce
Schneier on the Hacking
Team leak and aftermath