[Cryptography] How the CIA Made Google
ianG
iang at iang.org
Mon Feb 2 17:32:50 EST 2015
On 1/02/2015 02:36 am, grarpamp wrote:
>> The reality I suspect is: Google protects its data with more
>> care than most federal agencies.
>
> Data protection regimen is separate from what you elect to
> do with that data. Good regimen makes it easier to control
> and manage your plans, ie: classification.
Thanks for bringing us back on track.
Our minds tend to turn the original dramatic claims into what we want to
and can defend against. Says something, right?
The original article was not about google doing bad security work. We
all know google employs all the best and brightest on the planet, it's
technical security work is presumably second to none.
Rather, the original article was about its executive levels being too
cozy with the 'Highlands Forum' for want of a better name.
In my experience, the favoured attack of the agencies is not to attack
the corporation's data systems, but to place people inside the org. I
say this from 1st hand: I was taught what the approach would look like,
we already had track record in the approach, we developed the systems to
mitigate the threat, and I personally had to deal with an approach,
which was later confirmed by an independent source.
Circumstantially, that matches what the article is trying to say, but
lacking the sort of deep paranoid (!) spy understanding of how these
things work, the article is easy to dismiss. And, as clearly, if your
mind is a tech-hammer, you'll relish banging cryptographic nails in to
any problem.
iang
More information about the cryptography
mailing list