[Dailydave] I am the reason we cannot have nice things on the Internet.

Parity pty.err at gmail.com
Thu Oct 23 20:07:26 EDT 2014


The list of toxic effects of the (global) intelligence community's meddling
in the (global) IT industry affairs goes on ad nauseam. To Thomas' list we
can also add the actual weakening of the security of technology products &
services, the gagging of technology & telecom businesses w/r/t compulsive
cooperation with LE & intelligence agencies in any number of jurisdictions,
and all of the concomitant damage done to their businesses and brands.
(This is all never minding the litany of wrongs which may or may not have
actually been done customers.)

Yeah, sure, spies gonna spy, but that doesn't mean global tech has to feel
okay about picking up the tab.  Global tech is just pavement for the
(global) intelligence community, and it knows it. Compounding the injury,
tech markets are balkanizing in response to IC misbehavior.

At this point I'm just waiting to see the first reports of the global tech
industry making serious moves to organize in support of a few broad-stroke
technology goals, namely -

* Take stock of global critical technology infrastructure, identify world's
most security-critical protocols, standards, and implementations

* Serious research in hardware verifiability

* Serious research in deterministic builds and broader subject of software
verifiability

* Increase pressure on the 0-day market with large-scale contributions to
vulnerability research, discovery, disclosure, and repair (thinking along
the lines of a global-scale Project Zero)

* Move itself and its infrastructure out of the intelligence gathering
loop.  Device encryption by default, end-to-end secure channels by default,
no escrow.

* Renewed commitment to open standards, ejecting the toxic players from the
process.

$0.02,

pty


On Wed, Oct 22, 2014 at 5:27 PM, Thomas Quinlan <tom at thomasquinlan.com>
wrote:

> It's late & I'm scratching this out on my phone, but the problem may
> actually be four-fold. My last two points, plus:
>
> 3 - Parallel Reconstruction. This is quite scary. It undermines basic
> legal tenets that we've had for hundreds of years. Additionally, people
> aren't even doing it well. A leaky captcha? Please, anyone with a modicum
> of understanding about how things work saw right through that.
>
> 4 - Targeting journalists. Show from the corporate owned media problem,
> NSA/government do themselves no favors detaining &/or targeting
> journalists. It happened again this morning in New Zealand. "Oh, this has
> nothing to do with that expose you just did on us & is totally related to
> something else you may be tangentially involved in from five years ago but
> we'll take all your things. And your daughter's. You know. Just to be safe."
>
>
> On 22 October 2014 22:43:39 Andreas Lindh <andreas.lindh at isecure.se>
> wrote:
>
>> Dave,
>>
>> I read that piece and thought it was quite well written. I also think that
>> you're wrong on several accounts.
>>
>> First of all, the US is not the Internet. Saying that it's a good thing
>> that the US has "the most sophisticated cyber arsenal of any other country
>> on the planet" is just irrelevant in this context. You are addressing the
>> claim that the US is the biggest threat to the Internet, not to other
>> countries who happen to have a presence on the Internet. This is an
>> Internet issue, not some military dick waving contest. Also, considering
>> the US habit of starting wars, I'd wager that large parts of the world
>> actually think it would be an even better thing if the US did not have
>> such an awesome arsenal at all.
>>
>> Second, you claim that the US is not hacking for competitive advantages. I
>> get that you've been a part of this machinery and probably know what
>> you're talking about, but still. Should we just take your word for it? And
>> if so, why should your word carry more weight than when China says the
>> exact same thing?
>>
>> Third, using "but everyone else is doing it too" as an excuse is just
>> childish.
>>
>> This is not a US military issue, this is about privacy for _everyone_.
>>
>> Andreas
>>
>>
>> Read more:
>> http://www.businessinsider.com/expert-here-are-4-things-edward-snowden-gets-wildly-wrong-about-the-nsa-2014-10#ixzz3GuB8jeC4
>>
>> On 2014-10-22 19:37, "Dave Aitel" <dave at immunityinc.com> wrote:
>>
>> >Article that dropped today. I have learned from the comments that I am
>> >the reason we cannot have nice things:
>> >http://www.businessinsider.com/expert-here-are-4-things-edward-snowden-gets-wildly-wrong-about-the-nsa-2014-10
>> >
>> >Prepub Review Document:
>> >https://pbs.twimg.com/media/B0jFP8bCQAA_jxQ.jpg:large
>> >
>> >Next week I'm going to give a talk here, available for beers/heckling!
>> >http://www.eventbrite.com/e/georgia-tech-cyber-security-summit-2014-tickets-11887603141
>> >
>> >-dave
>> >
>> >
>>
>>
>>
>> ----------
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>>
>>