[Cryptography] Separating concerns
ianG
iang at iang.org
Thu Aug 29 04:27:59 EDT 2013
Hi Phill,

On 28/08/13 21:31 PM, Phill wrote:
> And for a company it is almost certain that 'secure against intercept by any government other than the US' is an acceptable solution.

I think that was acceptable in general up until recently. But, I
believe the threat scenario has changed, and for the worse.

The firewall between national intelligence and all-of-government has
been breached. It is way beyond leaks, it is now a documented firehose
with pipelines so well laid that the downstream departments have
promulgated their deception plans.

And, they told us so. In the comments made by the NSA, they have very
clearly stated that if there is evidence of a crime, they will keep the
data. The statement they made is a seismic shift; the NSA is now a
domestic & criminal intelligence agency. I suspect the penny has not
dropped on this shift as yet, but they have said it is so.

In threat & risk terms, it is now reasonable to consider that the USA
government will provide national intelligence to back up a criminal
investigation against a large company. And, it is not unreasonable to
assume that they will launch a criminal investigation in order to force
some other result, nor is it unreasonable for a competitor to USA
commercial interests to be facing a USA supplier backed by leaks.

E.g., Airbus or Huawei or Samsung ... Or any company that is engaged in
a lawsuit against the US government. Or any Wall Street bank being
investigated by the DoJ for mortgage fraud, or any international bank
with ops in the USA. Or any company in Iran, Iraq, Syria, Afghanistan,
Pakistan, India, Palestine, .... or gambling companies in the
Caribbean, Gibraltar, Australia, Britain. Or any arms deal or energy deal.

(Yes, that makes the task harder.)

iang