Monday, 18 January 2016

Clinton hints that tech companies have compromised on encryption

From last night's debate:

MITCHELL: But -- but -- Secretary Clinton, you said that the leaders from the intelligence community went to Silicon Valley, they were flatly turned down. They got nowhere.

CLINTON: That is not what I've heard. Let me leave it at that.

Isn't that the absolute worst answer? All things being equal, if there were some kind of deal about encryption, wouldn't it have been better for it to remain top-secret classified... rather than have a person of authority publicly hint at its existence?

Two obvious problems with this comment:

1) It sows suspicion that U.S. tech is comprehensively pwned. It entrenches the skepticism and skittishness of international companies over the security of our products. Aren't we still dealing with the fallout of that perception?

2) It encourages black-hats to go looking for backdoors - specifically, the kinds of backdoors that are typically intentional. I'm sure they would be deviously difficult to find, but so was Juniper (but security experts are very skilled), and so was ECHELON (but it was leaked from inside), and so was Stingray (but the FBI and police are terrible at self-restraint), etc.

Granted, obscurity is not security, and there's a Moore's-law-like axiom (er... Schneier's Law?) that backdoors are eventually found. But if there is a backdoor, hinting at it and inviting people to go looking for it seems to expedite that eventuality.



by sfsdfd http://ift.tt/1RPSLYv
