In my latest Guardian column, If GCHQ wants to improve national security it must fix our technology, I argue that computer security isn't really an engineering issue, it's a public health issue. As with public health, it's more important to be sure that our pathogens are disclosed and understood than it is to keep them secret so we can use them against our enemies.
Scientists formulate theories that they attempt to prove through experiments that are reviewed by peers, who attempt to spot flaws in the reasoning and methodology. Scientific theories are in a state of continuous, tumultuous improvement as old ideas are overturned in part or whole, and replaced with new ones.
Security is science on meth. There is a bedrock of security that is considered relatively stable – the mathematics of scrambling and descrambling messages – but everything above that bedrock has all the stability of a half-set custard. That is, the best way to use those stable, well-validated algorithms is mostly up for grabs, as the complex interplay of incompatible systems, human error, legacy systems, regulations, laziness, recklessness, naivete, adversarial cunning and perverse commercial incentives all jumble together in ways that open the American retailer Target to the loss of 100m credit card numbers, and the whole internet to GCHQ spying.
As Schneier says: “Anyone can design a security system that works so well that he can’t figure out how to break it.” That is to say, your best effort at security is, by definition, only secure against people who are at least as dumb as you are. Unless you happen to be the smartest person in the world, you need to subject your security system to the kind of scrutiny that scientists use to validate their theories, and be prepared to incrementally patch and refactor things as new errors are discovered and reported.
If GCHQ wants to improve national security it must fix our technology
(Image: File:CoughsAndSneezesSpreadDiseases.jpg, Wikimedia Commons, Public Domain)