On Fri, Feb 8, 2013 at 1:35 PM, Tom Ritter <[email protected]> wrote:
> When law enforcement relies on vulnerabilities in the system (be it
> protocols, operating systems, applications, or web sites), they are
> incentivized to keep it insecure. If it were secure, how would they
> get in?

it would be nice if vulns were finite. experience shows us they are infinite, discovered continuously. only effort required changes over time.

> If I were a communications provider (e.g. Silent Circle), and I found
> that the FBI was hacking me to learn customer data... what is my
> recourse?

this treatise is focused on end user devices and not service provider infrastructure. this is a requirement where end-to-end encryption is applied.

> Just like when Matt Blaze wrote it in Wired, this feels like a
> mistimed April Fools joke.

attacking the client is already reality. there are tools to do it, weaponized exploit markets, governments pursuing it for intelligence ops / infowar; it is slowly but surely trickling down into the hands of LE. stuxnet, duqu, flame... there are mobile variants. they'll become better known and more available.

i would prefer LE took this route rather than trying to force CALEA for IP, but that doesn't make it any nicer a proposition.

best regards,

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
