Robert X. Cringely wonders why data security systems are proprietary and secret. If 1024- or 2048-bit keys would take a thousand years to crack, isn’t encryption, combined with a limit on login attempts, good enough? He suggests it’s the U.S. government that doesn’t want us to have really secure networks:
The government is more interested in snooping in on the rest of the world’s insecure networks. The U.S. consumer can take the occasional security hit, our spy chiefs rationalize, if it means our government can snoop global traffic.
This is National Security, remember, which means ethical and common sense rules are suspended without question.
RSA, Cisco, Microsoft and many other companies have allowed the U.S. government to breach their designs. Don’t blame the companies, though: if they didn’t play along in the U.S. they would go to jail. Build a really good 4096-bit AES key service and watch the Justice Department introduce themselves to you, too.
The feds are so comfortable in this ethically-challenged landscape in large part because they are also the largest single employer… on both sides. One in four U.S. hackers is an FBI informer, according to The Guardian. The FBI and Secret Service have used the threat of prison to create an army of informers among online criminals.
While security dudes tend to speak in terms of black or white hats, it seems to me that nearly all hats are in varying shades of gray. …
We’ve created a culture of self-perpetuating paranoia in military-industrial data security by building systems that are deliberately compromised then arguing that draconian measures are required to defend these holes we’ve made ourselves. This helps the unquestioned three-letter agencies maintain political power, doing little or nothing to increase national security, while at the same time compromising personal security for all of us.
Cringely is hopeful that IPv6 and Open Source might “close some of those security doors that have been improperly propped open.”