[Cryptography] All applications need top security (was Re: Director GCHQ speaks at MIT)

Jonathan Thornburg jthorn at astro.indiana.edu
Wed Mar 9 11:30:58 EST 2016


On Wed, Mar 09, 2016 at 09:47:20AM -0500, Perry E. Metzger wrote:
> > http://www.gchq.gov.uk/press_and_media/speeches/Pages/hannigan-speech-at-mit-front-doors-and-strong-locks.aspx
> > 
> > Front doors and strong locks: encryption, privacy and intelligence
> > gathering in the digital era
> > 
> > Speech - 08 Mar 2016
> [...]
> > "I don't *need* or *want* [for my family's communications] the same
> > level of security applied to protect a nuclear submarine's
> > communications."
> 
> This reminds me of a widely misunderstood principle in secure systems
> that I don't hear talked about much, so I'll bring it up now:
> 
> It is seemingly reasonable to say that your discussion with a friend
> about what kind of beer to pick up for a party does not need the same
> level of protection as a dissident discussing an upcoming attempt to
> expose corruption in an election. It is seemingly reasonable to say
> that a connection that is protecting an article about cat food does
> not require the same level of protection as a connection that is
> protecting a large banking transaction.
> 
> HOWEVER, the problem is that in practice, both activities will use
> exactly the same protocols and software, identically configured.
[[...]]

+1.


An additional argument in the same direction is that by having the
cat-food-and-baby-pictures traffic protected by the same (strong)
crypto as My Secret Plan for World Domination, the latter no longer
stands out as obviously different from the large mass of
cat-food-and-baby-pictures traffic.

This in turn means that "sending encrypted traffic" or "using good
crypto" no longer marks one as suspicious.

-- 
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"

