Re: The CIA mentions us


Hi Ted, Bob,

On 10/03/17 22:53, Bob Hinden wrote:

Ted,

On Mar 10, 2017, at 1:46 PM, Ted Lemon <mellon(_at_)fugue(_dot_)com> wrote:

The one thing I wish you'd mentioned in this blog, but did not, is
a point someone made earlier on this thread: that the fact that the
CIA needs to hack individual devices to bypass end-to-end
encryption means that what we are doing in promoting encryption is
effective and worth doing: rather than everybody's communications
being vulnerable, individuals must now be targeted.


I think thatâ€™s a good point.

To expand what you said, these tools are for targeted attacks, not
mass surveillance.


I don't think your optimistic conclusion here follows, for two
reasons. Firstly, we've seen that the adversary here is not
driven by economic concerns and will attack not just a weakest
link, but all possible targets they can afford given their very
very large budgets. That I think means that these kinds of attacker
will attempt both pervasive and targeted attacks, and the fact
that they attempt the latter does not mean that the don't try
both. Secondly, it may be that different kinds of attacker have
different kinds of targets/goals and that some attackers here
(such as the claimed source of these materials) are generally
more interested in individuals and not in populations. So again,
without further information, the interest in targeted attacks
does not imply a technical or practical inability to mount
pervasive monitoring attacks.

And while I do think that the actions that many people in the
Internet community and in the IETF have taken have probably
made pervasive monitoring harder and/or more costly, I do not
think that's really that relevant to this particular leak. In
this case, I think the much more interesting thing is that
this is yet another demonstration that attack code that is
intended to be used for attacks (as opposed to demonstration)
is in the end hugely counter-productive. (And immoral too IMO,
but I'd not claim that we all need to agree with that last;-)

Encryption continues to be a strong protection
against mass surveillance.


I totally agree encryption is a major tool in our armoury.
But that's kind of orthogonal to issues arising from this
incident I think.

Cheers,
S.

Bob

signature.asc
Description: OpenPGP digital signature

<Prev in Thread]	Current Thread	[Next in Thread>
Re: The CIA mentions us, (continued) Re: The CIA mentions us, Phillip Hallam-Baker Re: The CIA mentions us, Vinayak Hegde Re: The CIA mentions us, willi uebelherr Re: The CIA mentions us, Michael Richardson Re: The CIA mentions us, Phillip Hallam-Baker Re: The CIA mentions us, Jari Arkko Re: The CIA mentions us, Ted Lemon Re: The CIA mentions us, Bob Hinden Re: The CIA mentions us, Jari Arkko Re: The CIA mentions us, Phillip Hallam-Baker Re: The CIA mentions us, Stephen Farrell <= Re: The CIA mentions us, joel jaeggli Re: The CIA mentions us, Ted Lemon Re: The CIA mentions us, Phillip Hallam-Baker Re: The CIA mentions us, willi uebelherr Re: The CIA mentions us, Yoav Nir Re: The CIA mentions us, willi uebelherr RE: The CIA mentions us, Tony Hain Re: The CIA mentions us, Rich Kulawiec