Donate for the Cryptome archive of files from June 1996 to the present

26 March 2014

Ubiquitous Comsec Is a Vulnerability


Ubiquitous use of a comsec system is a vulnerability, whether PGP or Tor or another popular means. Crypto advocates and Tor encourage widespread use as a defense but may be luring victims into traps. The more users of a system the more likely it will be attacked by officials or by malefactors. And the attacks are most often overlooked in the volume, or excused as a price of popularity, fixes underway, always underway, keeping coders and investors happy as engineers mud-wrestling and financiers soused.

Most trusted systems (MTS) are where the money is, as with banks, so that's where robbers make their living, and MTS set up budgets for loss, PR, lobbying, training staff in cover-ups and workarounds, hiring ex-regulators and distinguished industry leaders as advisors, board members and faces of the MTS around the planet.

The lucrative boomlet in comsec generated by Snowden Inc's marketing gambit promoting encryption and enhanced comsec among media mouthpiece megaphones indicates that another cycle of dubity of the status quo comsec confidence game is to be followed by a repair and rejigger protection racket, as evidenced on comsec mail lists, at conferences, and no doubt in halls of semi-classified exchanges everready to share tips and tricks to ratchet up demand for security in all its devilish manifestations.

Was it not mere months ago when a call was issued to redesign and or replace the entire Internet from top to bottom, the whole thing, to end the futile comsec tinkering and delusionary marketing, no way the Frankenstein could be made secure for human use, it had fundamental faults which precluded durable comsec.

Perhaps re-Frankensteining is being done in semi-classified halls, hindered by by official and commercial and scholarly exploiters of the monster's faults to advance their interests in advocating MTS for public use, just keep those researchand investment funds flowing.

No risk, no security market, so what fool would want an Internet that had no faults. No bank would want perfect security to be available directly to customers. No military or spy agency would want perfect national security available to the citizenry. No government would want a threat-free populace. No comsec industry would want ...

Best to aim for pretty good comsec and call it best that can be done but cheating happens, thank you Edward Snowden, so prepare for disaster "not if, not when, but now." Intel committees wokring hand in hand with Snowden Inc. to keep the public panicky and needful of secrecy protection of the holy grail, national security backed by WMD.

In short, Tor is a confidence game, crypto is a confidence game, no better than military, espionage, publicity, entertainment, finance, law, insurance, education and religion. Oops those are the primary routes to wealth and power concentration and need for WMD protection.

What, you say WMD is a confidence game? Getoutahere, that's top secret codeword core faith in secretkeeping. Without that fundamental Frankensteinian fault nobody would buy security against the Doctors of monsters working hard at most secret laboratories on earth to devise crypto for assuring WMD comms and launch threats are pretty good at persuading the public to pay the steep protection fee -- which it should be noted is laundered through IRS and NGOs, blessed by FRS and SEC.

Damn 3 lettered agencies of God.


Similarly, but far more harmful, WMD stockpiling and secrecy are vulnerabilities: the greater the stockpile the more inviting of attacks; the greater the cost of protection, the more elaborate the greater the chances it will fail; the greater the secrecy about the WMD the greater likelihood human failure will occur. Command and control of WMD requires security of design, fabrication, personnel, information, operations, communications, deployment, targeting, among other highest secrecy classifications, with decreasing numbers of persons knowing the highest levels.

Elaine Scarry has recently published Thermonuclear Monarchy: Choosing Between Democracy and Doom, which descrbes the inevitable disaster of over-centralized command and control and global terror of WMD due to exclusion of congressional and public participation.