Blog Post

FUD Makes Security Harder

,

The US government’s illogical screeds against better personal encryption for data and communications is well documented. Then comes this reported communication:

Department of Justice: iPhone encryption will lead to the death of a child

I’m hoping the quote given in the article is completely out of context. However, previous statements, including by the FBI Director, don’t give me much hope. What the government is waging is a campaign against encryption using FUD (Fear, Uncertainty, and Doubt). However, what the powers that be seem to keep missing is this simple fact:

If you (FBI, state and local law enforcement) can decrypt it, so can the criminals.

Therefore, the campaign being waged makes us less secure overall. It puts more people at work. And, incidentally, it will lead to more cybercrimes meaning more law enforcement are tied up in those cases. More law enforcement being pulled for cybercrime work means less law enforcement available to do things like prevent murders. Yes, I’m stretching the bounds of logic with that line of reasoning, but less so that the one that says, “Encryption will directly result in a child’s death,” which is what the article reports a DoJ official claiming.

Here’s something else they are missing: if we want better security, we need better awareness. We’re not going to get better awareness by attempting to get people to believe in boogeymen. The first time they realize they’ve been fooled or the threat has been exaggerated, they lose trust in the security (to include law enforcement) community. That one incident may be all it takes for someone to “check out,” and then we’re in a mess. Keep it up, as this FUD campaign is doing, and the majority of people will lose trust and check out. That means they won’t listen. That means they won’t learn. That means they will become more vulnerable than they are now.

Don’t believe me? How often do we talk about the colors of the terrorist threat level nowadays? That’s right, we don’t. Why? How often did we see any validity to the changing of the colors? We didn’t? That means people eventually started ignoring any news about a color change. It didn’t apply. It didn’t affect them. And while it may have been reasonable initially, people stopped listening.

None of that is good.

If we want security to be taken seriously, we’ve got to kill the FUD.

Rate

You rated this post out of 5. Change rating

Share

Share

Rate

You rated this post out of 5. Change rating

Related content

Technical Article

Database Mirroring FAQ: Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup?

Question: Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup? This question was sent to me via email. My reply follows. Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup? Databases to be mirrored are currently running on 2005 SQL instances but will be upgraded to 2008 SQL in the near future.

You rated this post out of 5. Change rating

2009-02-23

1,567 reads

Technical Article

Networking - Part 4

You may want to read Part 1 , Part 2 , and Part 3 before continuing. This time around I'd like to talk about social networking. We'll start with social networking. Facebook, MySpace, and Twitter are all good examples of using technology to let...

You rated this post out of 5. Change rating

2009-02-17

1,530 reads

Technical Article

Speaking at Community Events - More Thoughts

Last week I posted Speaking at Community Events - Time to Raise the Bar?, a first cut at talking about to what degree we should require experience for speakers at events like SQLSaturday as well as when it might be appropriate to add additional focus/limitations on the presentations that are accepted. I've got a few more thoughts on the topic this week, and I look forward to your comments.

You rated this post out of 5. Change rating

2009-02-13

360 reads