This Remembrance Sunday We Must Also Remember That Some 'Security Companies' Want More Cyberwar
Remember the young(er) Richard Stallman? Around the time I was born he was working to eliminate computer passwords. No, not breaking into accounts, just making passwords obsolete. His underlying rationale (or his personal motivation) was, passwords would not serve security but ultimately partition computers and keep some people out of necessary access, sometimes for immoral business reasons. The goal was to make hacks like, empty passwords or trivial passwords would let you in, bypassing the demands otherwise imposed by nontechnical bureaucrats.
One can find videos about it. In 1986 he said: "I use my login name as my password." Wikipedia said: "Stallman found a way to decrypt the passwords and sent users messages containing their decoded password, with a suggestion to change it to the empty string (that is, no password) instead, to re-enable anonymous access to the systems. Around 20% of the users followed his advice at the time, although passwords ultimately prevailed. Stallman boasted of the success of his campaign for many years afterward."
Security and access control aren't the same thing, albeit the concepts aren't entirely unrelated. If I let my wife access my computers (and vice versa), for instance, that's possibly an access control problem, but I trust her with my computers, so it's not a security problem and I never lock my screens. It would be futile and self-defeating to lock the screens. It might do more harm than good in case of emergencies. Trust and access control aren't the same concept. In the same vein, we share house keys with other people, sometimes even neighbours who possess "spares". Whether it's Alice and Bob or Roy and Rianne, the idea that people share some accounts isn't an aberration.
Looking at the bigger picture, should we accept the vision of universal back doors as a model of "national security"? That's pretty much what we have right now and therefore the World Wars aren't just kinetic anymore. Hospitals don't need to be bombed or shelled; British hospitals can be destroyed from a distant North Korea without a single ICBM, only Microsoft Windows.
Remembrance Day/Sunday is fast approaching, so I wanted to say a few words, as well as recommend (again) "After Cyberwar" - the latest article by Dr. Andy Farnell, a man whom my wife and I - not to mention Techrights associates - grew fond of because of his writings (he last published here yesterday).
Under the section "Blame games" Andy said: "The same is true for civilians in a war zone. They do not care whose missiles just landed on their farm. Their lot is no better for knowing they were "friendly" ones, or that they were the victim of "necessity" to drive out an enemy."
A few hours ago I said: "We need to reject headlines that say Iran or North Korea or China or Russia compromised some system and instead ask what it was that let them break in. Whose fault was it? Why were holes present? Very often it turns out to have been Microsoft's fault, but the mainstream media stops short of saying that or does not even bother to investigate the real cause (culprit). Headlines that blame Putin and Kim probably attract more clicks and offer political fodder."
The blame game or "attribution" spiel/ritual does not matter much to the so-called "civilians", which in the case of technology means ordinary users who don't dwell in datacentres, deploy code/programs, and write code.
Let's change the attitude we have towards computer security and security journalism. A lot of so-called 'journalism' in this domain is utter trash (example from days ago and another from a few weeks ago). We recently blacklisted some sites that claim to cover security issues because their quality and integrity had been long gone. They'd post obvious lies and peddle "snake-oil" for companies that don't purse security and instead seek to profit from insecurity.
Our goal, overall, should be real security, not ongoing (and prolonged) war. Some companies profit from the cyberwar; hence, their objective is not to end the war. █