Search Mailing List Archives
[liberationtech] Bellovin, Blaze, Clark, Landau
coderman at gmail.com
Fri Feb 8 15:37:38 PST 2013
On Fri, Feb 8, 2013 at 1:35 PM, Tom Ritter <tom at ritter.vg> wrote:
> When law enforcement relies on vulnerabilities in the system (be it
> protocols, operating systems, applications, or web sites), they are
> incentivized to keep it insecure. If it were secure, how would they
> get in?
it would be nice if vulns were finite. experience shows us they are
infinite, discovered continuously. only effort required changes over
> If I were a communications provider (e.g. Silent Circle), and I found
> that the FBI was hacking me to learn customer data... what is my
this treatise is focused on end user devices and not service provider
infrastructure. this is a requirement where end-to-end encryption is
> Just like when Matt Blaze wrote it in Wired, this feels like a
> mistimed April Fools joke.
attacking the client is already reality. there are tools to do it,
weaponized exploit markets, governments pursuing it for intelligence
ops / infowar; it is slowly but surely trickling down into the hands
stuxnet, duqu, flame... there are mobile variants. they'll become
better known and more available.
i would prefer LE took this route rather than trying to force CALEA
for IP, but that doesn't make it any nicer a proposition.
More information about the liberationtech