If you are a US company, you are already compromised.

One of the most effective cryptosystem attacks

Silicon valley folks seem to forget that technology is always limited, especially around cryptography. From Bloomsberg:

The companies, burned by disclosures they’ve cooperated with U.S. surveillance programs, are protecting user e-mail and social-media posts with strengthened encryption that the U.S. government says won’t be easily broken until 2030.

That’s all great and all, but there’s a big problem here. It doesn’t matter at all.

Cryptosystems always have the “large-bag-of-money” attack, the “rubber-hose” attack and the “throw-you-into-jail” attack. In the US, the “throw-you-into-jail” attack is particularly easy to use, and is being used as shown by Lavabit, comments by Yahoo’s CEO and the Snowden leaks.

You see, cryptography requires trust, the ability to know that the secret keys have not been transmitted to a untrusted third party. In the US, with the Lavabit case, it has been shown that a US company can be coerced to give up the primary private keys for its cryptosystems. What is worse is that they can be forced to do this and forced to not tell anyone.

This means, put simply, as long as you are an American business, your security must be considered suspect until such laws are put into place forbidding the US government from requesting blanket access to such keys.

It doesn’t matter if you have a gold plated private fiberoptic wire encrypted with the finest 512-bit AES encryption, and guarded at both ends by men with assault rifles and hand grenades. If the US government can demand that they get the get private key, all bets are off.

The only possible way for US cloud services to be considered secure/trustworthy moving forward is for them to either blatantly violate the law (ala Lavabit), force the law to change through heavy lobbying, or move all of their operations off shore and legally ensure that the private keys are out of the reach of the US court system.

If you believe this security theater by Google and other Silicon Valley folks will make a real difference, you are a fool.

“No, we’re not playing with your toys.”

As my son grows up, I find myself doing the strangest things and having the strangest thoughts, mostly when I try to put myself into his shoes.

For the first 6 months, he was really amazing, when we put him down for the night he’d usually suck on his thumb and be out like a light. Now, I have to be slightly more cautious during those first 2-5 minutes after putting him down, lest he get distracted from his goal of sleeping. Usually, during this time, I go and clean up his toys and put them away.

However, I keep on having the strangest thought when I do it and accidentally set off one of the musical or noisy toys, especially when it really sets him off. If I was him and I heard that, what would I think?

I imagine that in his head mommy and daddy are both outside his door playing with his toys now that he is done with them. That all we do when he goes to sleep is play with his stuff.

Image

No wonder he gets upset! I would get upset too if I was put into a dark room so other people could play with my toys without me there.