The Center for Education and Research in Information Assurance and Security (CERIAS)


Just sayin


In the June 17, 2013 online interview with Edward Snowden, there was this exchange:


Mathius1:

Is encrypting my email any good at defeating the NSA surveillance? Is my data protected by standard encryption?


Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

I simply thought I'd point out a statement of mine that first appeared in print in 1997 on page 9 of Web Security & Commerce (1st edition, O'Reilly, 1997, S. Garfinkel & G. Spafford):

Secure web servers are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police.

I originally came up with an abbreviated version of this quote during an invited presentation at SuperComputing 95 (December of 1995) in San Diego. The quote at that time was everything up to the "Further...." and was in reference to using encryption, not secure WWW servers.

A great deal of what people are surprised about now should not be a surprise -- some of us have been lecturing about elements of it for decades. I think Cassandra was a cyber security professor....

[Added 9/10: This also reminded me of a post from a couple of years ago. The more things change....]



Posted by Chase
on Thursday, September 19, 2013 at 10:56 PM

Encrypting may help initially, but you have to think about the big picture. How long before they break that encryption? Are we going to live our lives in a security race against the institution we depend on to provide us with security to begin with? There needs to be some middle ground where the government has respect for citizen privacy, but can still run the surveillance security it needs. I’m not saying I have the answer, but it’s something to think about.

Posted by Alex Smith
on Thursday, September 26, 2013 at 04:36 PM

Great book by Linda McCarthy.

Thanks for the post!!

Alex Smith
