[Cryptography] Now it's personal -- Belgian cryptographer MITM'd by GCHQ/NSA

Phillip Hallam-Baker hallam at gmail.com
Sat Feb 1 20:33:02 EST 2014

Why assume that it's the NSA/GCHQ?

When I got stopped three times by UK customs on one trip during the crypto
wars it was pretty obvious what was going on. But this incident could have
been due to Iran, Israel, Russia, China (in no particular order) and there
might well be more countries getting in on the pervasive intercept party.

This is not about stopping the NSA. The NSA wannabes are far more numerous
and likely just as well resourced. They won't have as much cash but they
will use what they have at least ten times more effectively.

We do have a model for protecting Web sites that works pretty well called
PCI. That is the scheme that the credit card companies developed to protect
their assets when they are exposed online. PCI is supported by numerous
tools and services that provide compliance checking. It isn't perfect but
it is a known starting point.

What we need is PCI for social media sites and for email providers. It does
not have to be perfect and it won't be. But it will be a start. And unlike
the credit card companies we have a lot more ability to change our
