[Cryptography] Separating concerns

[ianG]

Hi Phill,

On 28/08/13 21:31 PM, Phill wrote:
> And for a company it is almost certain that 'secure against intercept by any government other than the US' is an acceptable solution.


I think that was acceptable in general up until recently.  But, I 
believe the threat scenario has changed, and for the worse.

The firewall between national intelligence and all-of-government has 
been breached.  It is way beyond leaks, it is now a documented firehose 
with pipelines so well laid that the downstream departments have 
promulgated their deception plans.

And, they told us so.  In the comments made by the NSA, they have very 
clearly stated that if there is evidence of a crime, they will keep the 
data.  The statement they made is a seismic shift;  the NSA is now a 
domestic & criminal intelligence agency.  I suspect the penny has not 
dropped on this shift as yet, but they have said it is so.

In threat & risk terms, it is now reasonable to consider that the USA 
government will provide national intelligence to back up a criminal 
investigation against a large company.  And, it is not unreasonable to 
assume that they will launch a criminal investigation in order to force 
some other result, nor is it unreasonable for a competitor to USA 
commercial interests to be facing a USA supplier backed by leaks.

E.g., Airbus or Huawei or Samsung ...  Or any company that is engaged in 
a lawsuit against the US government.  Or any wall street bank being 
investigated by the DoJ for mortgage fraud, or any international bank 
with ops in the USA.  Or any company in Iran, Iraq, Syria, Afghanistan, 
Pakistan, India, Palestine, ....  or gambling companies in the 
Caribbean, Gibraltar, Australia, Britain.  Or any arms deal or energy deal.



(Yes, that makes the task harder.)


iang