[Cryptography] "Trust in digital certificate ecosystem eroding"

John Gilmore gnu at toad.com
Wed May 6 19:00:16 EDT 2015

> If I were running an investment bank or other enterprise where
> individual employees handled large amounts of the company's money, I
> would think it would be an extremely serious security proglem if
> employees could send and receive communications with outsiders that
> the auditors couldn't read.

So, of course you'd confiscate all employees' cellphones, tablets, and
other personal communication devices at every moment while they are on
the premises.  And prevent them from receiving any such "outsider"
devices, e.g. via postal mail delivered to their office address.
Better hope the employees' cochlear implant doesn't come with Internet
access, (which if it doesn't today, it will soon), since you can't
legally discriminate against the disabled...

How hard would it be for an employee to put a cellular WiFi
access point into their car in the parking lot, and use some
internal device to talk WiFi to it from inside the building?

Or perhaps the employee would just go outside for a cigarette break
whenever they needed to convey confidential information to outsiders
that the auditors couldn't read.  An accomplice hundreds of yards away
with a parabolic mike could hear anything they said while standing 20
feet from the entrance door with their cigarette.  And that's if they
didn't bother to plant a covert mic in the "outside" shrubbery nearby!

Guess you'd better not let the employees go home at all -- who knows
what they'll say if they merely have access to uncensored
communications.  There's plenty of info that can be used to make money
even hours or days after you first learn it; merger and acquisition
negotiations provide an obvious example.


More information about the cryptography mailing list