On Delusions Of Digital Security

I am but mad north-north-west.  When the wind is southerly, I know a hawk from a handsaw.

Are you more delusional than Hamlet? Are you nuts enough to think you’ve got digital security down pat? Are your coins as safe as you think? After the past year of Snowden-driven brouhaha, I should hope not.

The MP-funded[1] Stanislav Datskovskiy reminds us that we’re out to lunch if we’ve ever harboured delusions of digital security:

Every once in a while, journalists, activists, and political busybodies of all stripes descend into a self-pitying whining orgy about the electronic escapades of spy agencies. Those dirty crooks, we are told, have the audacity to break codes, spread malware, and – as luck would have it – sabotage security products, open and closed-source alike.

The kind of shenanigans we’ve been hearing about lately aren’t the least bit new. Crypto AG supplied the entire planet with diddled cipher machines for decades – and continues to do brisk business! Microsoft’s crock of shit masquerading as an operating system was ham-handedly back-doored in the ’90s. People whose money, freedom, or even lives appear to depend on keeping snoops and snitches at bay continue to run Windows. If they don’t care, why should anyone else? Nations openly hostile to the United States eagerly run their defense industry (and, by some accounts, even weapons systems) on Microsoft’s turdware. They purchase silicon designed by American engineers, route their packets – often without bothering with crypto of any kind whatsoever – over American networks. They almost literally beg to be pwned. They demand, plead, wheedle: “Please, please intercept our email and telephone conversations! Please supply us with Trojaned operating systems and network hardware! Please sabotage our nuclear fuel refineries!” These words are not spoken out loud, but they are certainly heard – by the “walls that have ears.” And dollars speak louder than words in any case. They speak very loudly indeed.

Mr. Datskovskiy continues:

I for one am greatly surprised to see respectable men of science like Bruce Schneier calling for lawsuits and parliamentary hearings to rein in the snoops. The very notion of limiting the authority of a secret police agency via laws and regulations is laughable. Quis custodiet ipsos custodes? Who is going to bring down the law upon these fellows? You? Your neighbor? Mr. Schneier? The Pope? The Grand Inquisitor?

On top of it all, I fail to grasp the public’s anger at our cloak-and-dagger friends. It is much like hating the Public Executioner for chopping heads. It’s what he’s paid for! If you don’t care to be separated from your head, take some measures. Said measures could be political (bow in eternal fealty to your beloved Führer) or technological. The one measure which is guaranteed not to work is whining.

Perhaps one day there will indeed be someone you can trust to pronounce – truthfully and competently – that a crypto-system is strong, that a protocol has not been diddled, that your computer serves only a single master. But don’t hold your breath; today’s digital shaman will not help you; he is on the king’s payroll, and will speak the words he was ordered to speak by his liege-lord. And no seal of confession seals his lips. So if you want security, you will have to achieve it on your own: by using systems which you actually understand. All the way down to the silicon. These do not presently exist, but could be made to exist.

Bringing the comprehensible computer into existence is no easy task – but it is surely a considerably-easier (and ultimately more rewarding) task than trying to persuade the headsman to put down his ax and leave your head on its shoulders merely from the kindness of his heart (or because a piece of parchment, written long ago, proclaims that your head ought to stay attached.)

Lest we think otherwise, let this serve as a reminder that we have exactly zero digital security rights[2] handed down to us from on high. At best, we have trust in people,[3] not machines. So don’t just give your human trust away for nothin’.[4]


  1. Still don’t know who MP is? Mircea Popescu owns and operates MPEx and is a backer of all securities listed thereon, including Stanislav’s S.NSA. You can read MP’s musings on Trilema and follow him on Twitter. He doesn’t just fund anyone, so Mr. Datskovskiy is worth paying attention to.
  2. Just as we have no rights that we’re not willing to die for.
  3. For in-person relationships, hopefully you’ve sorta figured out who you can and can’t trust. For on-line relationships, this is established through PGP, the Web of Trust, and one day, a little device called a Cardano.
  4. See The Wallet Inspector’s Promise.