We Have Root by Bruce Schneier
Author: Bruce Schneier
Language: eng
Format: epub
ISBN: 9781119643128
Publisher: Wiley
Published: 2019-08-02T15:00:00+00:00
Security vs. Surveillance
This essay previously appeared as part of the paper "Don't Panic: Making Progress on the 'Going Dark' Debate." It was reprinted on Lawfare. A modified version was reprinted by the MIT Technology Review. (February 1, 2016)
Both the "going dark" metaphor of FBI Director James Comey and the contrasting "golden age of surveillance" metaphor of privacy law professor Peter Swire focus on the value of data to law enforcement. As framed in the media, encryption debates are about whether law enforcement should have surreptitious access to data, or whether companies should be allowed to provide strong encryption to their customers.
It's a myopic framing that focuses only on one threat—criminals, including domestic terrorists—and the demands of law enforcement and national intelligence. This obscures the most important aspects of the encryption issue: the security it provides against a much wider variety of threats.
Encryption secures our data and communications against eavesdroppers like criminals, foreign governments, and terrorists. We use it every day to hide our cell phone conversations from eavesdroppers, and to hide our Internet purchasing from credit card thieves. Dissidents in China and many other countries use it to avoid arrest. It's a vital tool for journalists to communicate with their sources, for NGOs to protect their work in repressive countries, and for attorneys to communicate with their clients.
Many technological security failures of today can be traced to failures of encryption. In 2014 and 2015, unnamed hackers—probably the Chinese government—stole 21.5 million personal files of US government employees and others. They wouldn't have obtained this data if it had been encrypted. Many large-scale criminal data thefts were made either easier or more damaging because data wasn't encrypted: Target, TJ Maxx, Heartland Payment Systems, and so on. Many countries are eavesdropping on the unencrypted communications of their own citizens, looking for dissidents and other voices they want to silence.
Adding backdoors will only exacerbate the risks. As technologists, we can't build an access system that only works for people of a certain citizenship, or with a particular morality, or only in the presence of a specified legal document. If the FBI can eavesdrop on your text messages or get at your computer's hard drive, so can other governments. So can criminals. So can terrorists. This is not theoretical; again and again, backdoor accesses built for one purpose have been surreptitiously used for another. Vodafone built backdoor access into Greece's cell phone network for the Greek government; it was used against the Greek government in 2004–2005. Google kept a database of backdoor accesses provided to the US government under CALEA; the Chinese breached that database in 2009.
We're not being asked to choose between security and privacy. We're being asked to choose between less security and more security.
This trade-off isn't new. In the mid-1990s, cryptographers argued that escrowing encryption keys with central authorities would weaken security. In 2013, cybersecurity researcher Susan Landau published her excellent book Surveillance or Security?, which deftly parsed the details of this trade-off and concluded that security is far more important.
Ubiquitous encryption protects us much more from bulk surveillance than from targeted surveillance.
