Spies can't make cyberspace secure AND vulnerable to their own attacks


In his Sunday Observer column, John Naughton makes an important point that's hammered home by the escape of the NSA/GCHQ Regin cyberweapon into the wild: spies who make war on the Internet can't be trusted with its security.

Read the rest

Schneier: NSA's offense leaves Americans undefended

Writing in the Atlantic, Bruce Schneier explains the NSA's insane program of creating, discovering and hoarding vulnerabilities in computer systems in order to weaponize them. These vulnerabilities allow the NSA to attack its enemies (everyone), but let other states, hackers, and crooks attack Americans. The NSA claims it is "securing" cyberspace, but its dominant tactic requires that everyone be made less secure so that the NSA can attack them if they feel the need.

Read the rest

Security as a public health discipline, not an engineering one

In my latest Guardian column, If GCHQ wants to improve national security it must fix our technology, I argue that computer security isn't really an engineering issue, it's a public health issue. As with public health, it's more important to be sure that our pathogens are disclosed, understood and disclosed than it is to keep them secret so we can use them against our enemies.

Read the rest