In my latest Guardian column, If GCHQ wants to improve national security it must fix our technology, I argue that computer security isn't really an engineering issue, it's a public health issue. As with public health, it's more important to be sure that our pathogens are disclosed, understood and disclosed than it is to keep them secret so we can use them against our enemies.
Scientists formulate theories that they attempt to prove through experiments that are reviewed by peers, who attempt to spot flaws in the reasoning and methodology. Scientific theories are in a state of continuous, tumultuous improvement as old ideas are overturned in part or whole, and replaced with new ones.
Security is science on meth. There is a bedrock of security that is considered relatively stable – the mathematics of scrambling and descrambling messages – but everything above that bedrock has all the stability of a half-set custard. That is, the best way to use those stable, well-validated algorithms is mostly up for grabs, as the complex interplay of incompatible systems, human error, legacy systems, regulations, laziness, recklessness, naivete, adversarial cunning and perverse commercial incentives all jumble together in ways that open the American retailer Target to the loss of 100m credit card numbers, and the whole internet to GCHQ spying.
As Schneier says: “Anyone can design a security system that works so well that he can’t figure out how to break it.” That is to say, your best effort at security is, by definition, only secure against people who are at least as dumb as you are. Unless you happen to be the smartest person in the world, you need to subject your security system to the kind of scrutiny that scientists use to validate their theories, and be prepared to incrementally patch and refactor things as new errors are discovered and reported
If GCHQ wants to improve national security it must fix our technology
(Image: File:CoughsAndSneezesSpreadDiseases.jpg, Wikimedia Commons, Public Domain)
Five years ago, we won an unprecedented victory: spurred on by blackouts of more than 50,000 sites, more than 8 million Americans called Congress to object to the Stop Online Piracy Act (SOPA), a brutal internet censorship bill that would have been a stake through the heart of the open net. SOPA, which had been […]
Sean Bonner’s posted his share of viral images over the years, but the most recent time was a little different: he tweeted a picture of an anti-Trump political sticker he spotted in Tokyo, created by street artist 281_Anti nuke.
Vince Weaver is reimplementing Portal — “the cake acquisition simulator released in 2007” — to the Apple II series of computers, bit by bit — inspired by the fact that the Apple II hires mode has “the perfect Aperture Science orange and blue colors.” He’s released a disc image of the game in Apple Basic, […]
Looking to upgrade your weekend? Here are three randomly awesome products on my mind this week.#3 FRESHeBUDS Pro Magnetic Bluetooth EarbudsAs more and more phones and gadgets switch to Bluetooth-only compatibility, you’ll need to get Bluetooth headphones like the rest of us. I’ve been super impressed with these affordable magnetic headphones. Pull the magnetic earbuds apart to auto-connect […]
Traditional folding wallets are designed for paper bills—but these days, carrying cash is rarely a necessity. More often than not, I don’t carry cash at all. This Bogui Clik Wallet is the best answer I’ve found for avoiding the hassle of those tight-fitting credit card pockets.This attractive, minimalist wallet features a protective lip, so my cards don’t […]
Using my iPhone while it’s charging is always a hassle. With tucked-away outlets and the meager length of included lightning cables, comfortable scrolling while plugged in is annoying. These 10-Ft MFi-Certified Lightning Cables are super convenient and probably the best iPhone accessory purchase I’ve made.At over three times the length of normal cables, these reach anywhere you […]