[Cryptography] dan geer's brilliant talk at rsa...

[Mark Seiden]

perhaps this is slightly off topic for the crypto list, but i think you’ll
want to read this, the text of dan geer’s wise and brilliant 
talk at last week’s rsa…

http://geer.tinho.net/geer.rsa.28ii14.txt

my favorite quote, so far:


"We know, and have known for some time, that traffic analysis is
more powerful than content analysis.  If I know everything about
to whom you communicate including when, where, with what inter-message
latency, in what order, at what length, and by what protocol, then
I know you.  If all I have is the undated, unaddressed text of your
messages, then I am an archaeologist, not a case officer.  The
soothing mendacity of proxies for the President saying "It's only
metadata" relies on the ignorance of the listener.  Surely no one
here is convinced by "It's only metadata" but let me be clear: you
are providing that metadata and, in the evolving definition of the
word "public," there is no fault in its being observed and retained
indefinitely.  Harvard Law professor Jonathan Zittrain famously
noted that if you preferentially use online services that are free,
"You are not the customer, you're the product."  Why?  Because what
is observable is observed, what is observed is sold, and users are
always observable, even when they are anonymous."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140306/f8fd04e7/attachment.pgp>