Sunday, March 26, 2006
Politics keeps creeping in to security
There's no way to avoid talking about politics when you talk about security because laws (sometimes) make a difference. Good laws, like the laws against drunk driving, can reduce a safety problem to a dull roar. Bad laws can make things worse.
One bad law, according to a lot of security and privacy experts, got passed a few years ago and required phone companies, at their own expense, to reprogram their equipment to enable mass eavesdropping. Privacy activists warned that this was a dangerous amount of power for the government to have available. Nobody listened because everyone thinks of privacy activists as nutcases who scream on street corners about conspiracy theories. Security experts warned that if the technical capability was there then bad guys could make criminal use of the facilities that were meant for law enforcement. Nobody listened because, well, nobody ever listens to security people.
The security experts were right. A recent spying scandal in Greece proved them right. Some unknown party ran a massive spying operation on the mobile phones of everyone from journalists to human rights activists to the Greek Prime Minister. The wiretappers used the mobile phone company's back door for police wiretaps. The phone company computers can't tell whether you're a police officer.
But what if it really is the government that's doing the wiretapping? That should be OK, right, because they're out to keep us safe and wouldn't abuse their spying powers? The US government actually admits that they would: they told Congress that they might eavesdrop on conversations with doctors and lawyers and they would feel free to use the information in court. The US government has also had trouble figuring out what an actual criminal is, going so far as to prosecute someone and threaten a six-month Federal sentence for carrying a "No War For Oil" sign.
Casting informed votes and writing to your elected representatives are security measures that need to be part of your security strategy.
|
One bad law, according to a lot of security and privacy experts, got passed a few years ago and required phone companies, at their own expense, to reprogram their equipment to enable mass eavesdropping. Privacy activists warned that this was a dangerous amount of power for the government to have available. Nobody listened because everyone thinks of privacy activists as nutcases who scream on street corners about conspiracy theories. Security experts warned that if the technical capability was there then bad guys could make criminal use of the facilities that were meant for law enforcement. Nobody listened because, well, nobody ever listens to security people.
The security experts were right. A recent spying scandal in Greece proved them right. Some unknown party ran a massive spying operation on the mobile phones of everyone from journalists to human rights activists to the Greek Prime Minister. The wiretappers used the mobile phone company's back door for police wiretaps. The phone company computers can't tell whether you're a police officer.
But what if it really is the government that's doing the wiretapping? That should be OK, right, because they're out to keep us safe and wouldn't abuse their spying powers? The US government actually admits that they would: they told Congress that they might eavesdrop on conversations with doctors and lawyers and they would feel free to use the information in court. The US government has also had trouble figuring out what an actual criminal is, going so far as to prosecute someone and threaten a six-month Federal sentence for carrying a "No War For Oil" sign.
Casting informed votes and writing to your elected representatives are security measures that need to be part of your security strategy.
# posted by Frederick @ 6:07 PM Email to a friend:
Haloscan: they provide trackback