26 March 2014
Ubiquitous Comsec Is a Vulnerability
Ubiquitous use of a comsec system is a vulnerability, whether PGP or Tor
or another popular means. Crypto advocates and Tor encourage widespread use
as a defense but may be luring victims into traps. The more users of a system
the more likely it will be attacked by officials or by malefactors. And the
attacks are most often overlooked in the volume, or excused as a price of
popularity, fixes underway, always underway, keeping coders and investors
happy as engineers mud-wrestling and financiers soused.
Most trusted systems (MTS) are where the money is, as with banks, so that's
where robbers make their living, and MTS set up budgets for loss, PR, lobbying,
training staff in cover-ups and workarounds, hiring ex-regulators and
distinguished industry leaders as advisors, board members and faces of the
MTS around the planet.
The lucrative boomlet in comsec generated by Snowden Inc's marketing gambit
promoting encryption and enhanced comsec among media mouthpiece megaphones
indicates that another cycle of dubity of the status quo comsec confidence
game is to be followed by a repair and rejigger protection racket, as evidenced
on comsec mail lists, at conferences, and no doubt in halls of semi-classified
exchanges everready to share tips and tricks to ratchet up demand for security
in all its devilish manifestations.
Was it not mere months ago when a call was issued to redesign and or replace
the entire Internet from top to bottom, the whole thing, to end the futile
comsec tinkering and delusionary marketing, no way the Frankenstein could
be made secure for human use, it had fundamental faults which precluded durable
Perhaps re-Frankensteining is being done in semi-classified halls, hindered
by by official and commercial and scholarly exploiters of the monster's faults
to advance their interests in advocating MTS for public use, just keep those
researchand investment funds flowing.
No risk, no security market, so what fool would want an Internet that had
no faults. No bank would want perfect security to be available directly to
customers. No military or spy agency would want perfect national security
available to the citizenry. No government would want a threat-free populace.
No comsec industry would want ...
Best to aim for pretty good comsec and call it best that can be done but
cheating happens, thank you Edward Snowden, so prepare for disaster "not
if, not when, but now." Intel committees wokring hand in hand with Snowden
Inc. to keep the public panicky and needful of secrecy protection of the
holy grail, national security backed by WMD.
In short, Tor is a confidence game, crypto is a confidence game, no better
than military, espionage, publicity, entertainment, finance, law, insurance,
education and religion. Oops those are the primary routes to wealth and power
concentration and need for WMD protection.
What, you say WMD is a confidence game? Getoutahere, that's top secret codeword
core faith in secretkeeping. Without that fundamental Frankensteinian fault
nobody would buy security against the Doctors of monsters working hard at
most secret laboratories on earth to devise crypto for assuring WMD comms
and launch threats are pretty good at persuading the public to pay the steep
protection fee -- which it should be noted is laundered through IRS and NGOs,
blessed by FRS and SEC.
Damn 3 lettered agencies of God.
Similarly, but far more harmful, WMD stockpiling and secrecy are vulnerabilities:
the greater the stockpile the more inviting of attacks; the greater the cost
of protection, the more elaborate the greater the chances it will fail; the
greater the secrecy about the WMD the greater likelihood human failure will
occur. Command and control of WMD requires security of design, fabrication,
personnel, information, operations, communications, deployment, targeting,
among other highest secrecy classifications, with decreasing numbers of persons
knowing the highest levels.
Elaine Scarry has recently published
Monarchy: Choosing Between Democracy and Doom, which descrbes the inevitable
disaster of over-centralized command and control and global terror of WMD
due to exclusion of congressional and public participation.