[Cryptography] All applications need top security (was Re: Director GCHQ speaks at MIT)

Henry Baker hbaker1 at pipeline.com
Wed Mar 9 10:13:53 EST 2016


At 06:47 AM 3/9/2016, Perry E. Metzger wrote:
>> http://www.gchq.gov.uk/press_and_media/speeches/Pages/hannigan-speech-at-mit-front-doors-and-strong-locks.aspx
>> 
>> Front doors and strong locks: encryption, privacy and intelligence
>> gathering in the digital era
>> 
>> Speech - 08 Mar 2016
>[...]
>> "I don't *need* or *want* [for my family's communications] the same
>> level of security applied to protect a nuclear submarine's communications."
>
>This reminds me of a widely misunderstood principle in secure systems
>that I don't hear talked about much, so I'll bring it up now:
>
>It is seemingly reasonable to say that your discussion with a friend
>about what kind of beer to pick up for a party does not need the same
>level of protection as a dissident discussing an upcoming attempt to
>expose corruption in an election.  It is seemingly reasonable to say
>that a connection that is protecting an article about cat food does
>not require the same level of protection as a connection that is
>protecting a large banking transaction.
>
>HOWEVER, the problem is that in practice, both activities will use
>exactly the same protocols and software, identically configured.  You,
>as a protocol or software designer, do not get the luxury to provide
>"appropriate" levels of security for different uses.  In practice,
>your protocols and software will sometimes be used for trivia and
>sometimes for things that incredibly important and you will have to
>design for the most important possible use.
>
>Anyone saying that they don't "need or want" the best possible
>security for their communications is, de facto, saying that no one
>should get the best possible security, because even top politicians
>text on iPhones, because even internal bank transaction systems are
>front ended by Firefox or Explorer over HTTPS, because systems of all
>sorts (even very secure ones) are administered over ssh, because
>reporters working in places with hostile regimes use the same email
>programs and systems as people trading baby pictures.
>
>To say "I don't *need* or *want* the same level of security" is to
>express ignorance of the real-world constraints on designers of secure
>systems.  We don't get to hand a teenager one communication application
>and a Senator or top reporter another one -- both will, in the end,
>almost certainly use the same one, and thus we need to assume the
>threat model required by the most serious possible user.

To underline what Perry just said, the WWII Germans didn't think
that weather reports "needed" or "wanted" the highest levels of
security.  Oops!

Ditto for Japanese (& American) discussions of water availability.

Who would have thought that *side-channels* like power, audio,
screen video, RF emanations, etc., would leak so much information?

Who would have thought that OPM information would be so valuable?

Since Dir GCHQ Hannigan couldn't possibly hold his current job & be so
ignorant, I must conclude that he is lying his *ss off.



More information about the cryptography mailing list