I.T. Security and Linux Administration

Jul 31 2013   9:15PM GMT

More Encryption NOT the Solution?

Eric Hansen Eric Hansen Profile: Eric Hansen

I found an interesting piece/article on Slashdot that covers an interesting prospect to all of the hooplah over the recent scares in IT regarding data theft and storage (looking at you Mr. NSA)…don’t try to implement more encryption.

The basic idea of it is to not look for solutions that add more security to your environment, because with the way things are now its not unfeasible that the government or some other body will look to pursuade businesses to reduce the security in their products.  A good example of this is HTTPS and browsers.  Take the 3 biggest browsers in the market (Firefox, Chrome and IE), and have the government pay up a large lump sum to them to randomize HTTPS keys out of a known dictionary.

This wouldn’t be your normal 300-word dictionary, however.  This would span millions and millions of lines, and with a lot of products introducing cloud and *-as-a-service offerings, there’s no real way that we can tell this isn’t already occurring.

I’m also not a conspiracy theorist either, so if it is or isn’t are two different playing fields, but it should make you re-evaluate what these scares and controversies are really bringing to the table.  My biggest complaint is I’ve always lived the mantra of “if you have nothing to hide then don’t be afraid”.

3  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • TomLiotta
    My biggest complaint is I’ve always lived the mantra of “if you have nothing to hide then don’t be afraid”.   Not having personal secrets is insufficient reason to remain unconcerned.   It can be meaningful to an individual if you truly have nothing to hide. However, much of our society requires "hiding" to happen simply to continue functioning safely.   It's easy to list numerous areas that require secrecy and that are moral, ethical and legal. In various cases, it's even legally required to keep secrets. The ability to discover secrets allows extreme capability for social manipulation. E.g., consider the manipulative potential in the area of 'insider trading'. Other more dangerous areas are easily listed.   As long as we live within a 'free' society, secrecy has an important role. If citizens can't be concerned, there should be no expectation of freedom.   Tom
    125,585 pointsBadges:
  • Ben Rubenstein
    That's a great point Tom (now I need the +1 button). We often sacrifice the greater good because of our own personal biases. Also, are 'secrecy' and 'privacy' the same thing?
    11,255 pointsBadges:
  • TomLiotta
    ...are ‘secrecy’ and ‘privacy’ the same thing?   To me, no, they aren't the same. To me, 'privacy' is (supposedly) guaranteed in Amendment IV: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated...". If my 'person, house, papers, and effects' are inviolable (without proper warrant) against search, I'd say that that's the fundamental definition of 'privacy'.   IMO, for citizens, one basic purpose of 'privacy' is the enablement of personal 'secrets'. Other purposes are also served, but I see the two as being on two different orders of abstraction.   Tom
    125,585 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: