"A coming cybersecurity schism" by Dr. Andy Farnell
THIS morning we wrote a number of short articles about fake security (or even the exact opposite of it, albeit disguised as "Security" with a capital "S" and fancy acronyms like "CC" or "CoCo"), e.g. one about UEFI 'secure' boot. Andy has just told us about his new and very long article which covers Chat Control, back doors, and lots of other issues. Here are some bits from it:
Recognition of a universal right to digital security - including not just privacy as freedom from technical intrusion but self-determination, secure communication and control of our data - would seem like a natural progression for humanity at this point in history. However, in reality there is almost always a tragedy of the commons where uncertainty, greed and ontological insecurity leads to concentration of capability and leaves some group with no "security resources" at all. So-called "surveillance capitalism" is the face of a system that benefits from one group taking away security from another. It is an "insecurity industry".
[...]
The whole gig is presently about shifting risk and responsibility on to victims through "trickle down insecurity" and the terrifying problem that power wants insecurity - your insecurity, as its own competence wanes.
This includes many things like:
- surveillance laws written with contempt for side effects and technical reality.
- presumption of negligence when customers' bank cards are fraudulently used.
- cyber insurance that gives disincentives to firms for doing security well.
- smartphone apps for healthcare that knowingly run on insecure operating systems and exclude patient privacy choices.
- poor or misleading science used to push technologies that favour profit or power above civil security.
- dumb laws (which for example justified claims against UK postmasters) that "computers are always correct".
- schools that mandate proprietary devices that violate children's privacy and safety.
- supermarkets who exclude shoppers without smartphones installed with invasive tracking software.
[...]
The insecurity industry hides itself by creating distracting narratives about shadowy figures. "Hackers" wearing hoodies and balaclavas with green Matrix screens are the iconography to give Joe Public a digestible morsel to chow down. It's something to feel angry against. Yet the real villain is an industry that takes your security away from you in order to sell it back as a branded product that allays fears.
Go read the whole lot over a cup of tea. It's very in-depth and quite hard-hitting.
As an associate of ours frames it, "it's often more profitable for some interest to have things stay (or become) broken, but (and it's a big but) the profit is not always monetary."
"It is about control directly and control via surveillance or control through tipping institutions into crisis management mode due to deployment of substandard tools in place of what used to be fully functional systems.
"What e-mail has become, what with Microsoft losing double-digit messages and locked into proprietary clients (e.g. Gmail and Microsoft Outlook) is merely one example of attacks on open technologies built on open standards." █