In my latest Guardian column, If GCHQ wants to improve national security it must fix our technology, I argue that computer security isn't really an engineering issue; it's a public health issue. As with public health, it's more important to be sure that our pathogens are disclosed and understood than it is to keep them secret so we can use them against our enemies.
Scientists formulate theories that they attempt to prove through experiments that are reviewed by peers, who attempt to spot flaws in the reasoning and methodology. Scientific theories are in a state of continuous, tumultuous improvement as old ideas are overturned in part or whole, and replaced with new ones.
Security is science on meth. There is a bedrock of security that is considered relatively stable – the mathematics of scrambling and descrambling messages – but everything above that bedrock has all the stability of a half-set custard. That is, the best way to use those stable, well-validated algorithms is mostly up for grabs, as the complex interplay of incompatible systems, human error, legacy systems, regulations, laziness, recklessness, naivete, adversarial cunning and perverse commercial incentives all jumble together in ways that open the American retailer Target to the loss of 100m credit card numbers, and the whole internet to GCHQ spying.
As Schneier says: “Anyone can design a security system that works so well that he can’t figure out how to break it.” That is to say, your best effort at security is, by definition, only secure against people who are at least as dumb as you are. Unless you happen to be the smartest person in the world, you need to subject your security system to the kind of scrutiny that scientists use to validate their theories, and be prepared to incrementally patch and refactor things as new errors are discovered and reported.
(Image: File:CoughsAndSneezesSpreadDiseases.jpg, Wikimedia Commons, Public Domain)