|
||
|
3 July 2012. Add response from J. 3 July 2012 Reign of the Sechors
Cypherpunks assume privacy is a good thing and wish there were more of it. Cypherpunks acknowledge that those who want privacy must create it for themselves and not expect governments, corporations, or other large, faceless organizations to grant them privacy out of beneficence. -- Eric Hughes, 1992, at the formation of cypherpunks. From, among other sources this in June 2012. Security, privacy and anonymity specialists -- governmental, commercial, religious, NGO, and individal -- will be here called the security cohorts, in short, "sechors". Security may be seen as including privacy and anonymity and consideration of its limitations and distortions may suffice. While national security may be seen as the greatest and longest-lived offender, blessed by religious doctrine, the rise in popularity of online culture has fostered an increase in the call for for privacy, anonymity and security. Privacy, anonymity and security are at best approximations, at worst totally misleading. Proponents and opponents engage in sophisticated distortions, usually to advance their offerings rather than the interests of their consumers/citizens. Private security experts, among them, Philip Zimmermann and Bruce Schneier, observe that security is never absolute and the challenge is to determine how much and what type of security is needed, rather than expecting total security. Zimmermann's "Pretty Good Privacy" modestly names the paradigmatic disclosure of the limitations of communications security -- "pretty good" is all there is. Schneirer, among others, candidly states the struggle over communications security is endless, for every offense a defense is invented, and vice versa. Security of personal communications does not require measures, some claim, required for national defense. Following this, however, are assertions about the need for personal security against over-reaching national defenses, which, the argument goes, all too often violate the personal rights of citizens by exaggerating national security threats combined with increasingly militarized law enforcement as the military and intelligence apparatuses conjoin with domestic police in times of, allegedly, unduly prolonged national distress. Thus, the welter of Fusion Centers, cascading information sharing, subsumed under Homeland Security and the Directorate of National Intelligence -- or by whatever names all other nations use. The rigging of privacy polices to allow "lawful access" to private data, the insertion of government spies in public and private fora, the pervasive secret siphoning and public subpoenaing of private communications data by agencies of national and domestic security. This has led to increased public opposition to sechors and greater calls for more privacy and anonymity, thereby for enhanced personal security. A prong of personal security demands is for individuals to learn how to secure their own privacy and anonymity to offset the likelihood of misleading, and quite often, lucrative offers by specialists -- governmental, commercial, NGO and individals (here called the security cohorts, "sechors"). But a characteristic of this prong, is for the individal user to be warned by the sechors that security usually fails due to implementation of the user and that it is prudent to have specialists assess any security system. Unfortunately, this allows entry to those more wisely seen as trojans, sechors. Sechors sell round-the-clock, around-the-world security services as necessary, no single product, treaty, armaments-disarmaments sharing will suffice, there must be missionary cathedralization of defense outposts as precondition of survival, falsely-promised personal security the keystone. Can an individual obtain security without succumbing to the propaganda, spying and legislation of the sechors? Bearing in mind that false expectations of privacy, anonymity and security are standard deceptions of the sechors, the answer is yes: by avoiding, by disbelieving the sechors. But it will have to be done solo, not bragged about, certainly not foolishly fully exposed on the treacherous open source testing bed where the pretty good is exchanged, commingled, obscured by the very bad sechors. Ancient, deeply entrenched and perdurable sechors will warn that this note is an example of very poor advice masquerading very bad, to never believe an individual can obtain personal security, privacy and anonymity without reign of the sechors.
Date: Tue, 3 Jul 2012 14:37:13 -0400 You raise many valid points about security, and the need for security expertise. But like the Medical Practice, "Security Practice" needs to be applied prudently. A 10-character password on the underside of a keyboard is no good if the "enemy" knows that that password is there. Nor is a password that is "given away"; someone might have bad habits and by observation and overhearing, discloses their "password list" . Passwords should <<NEVER>> be shared, and yet sometimes that rule is broken -- to the owner's eventual grief. A director of Information Technology should remember that besides Rijndael, (the US-AES) a few other encryption algorithms using 128-bit Input/Output blocks are strong also. And I will <<NOT>> disclose my passphrase password for my OpenPGP key. Adi Shamir has written about "key splitting". It is sometimes better to withhold one's thoughts and comments until a meeting. A message not sent is a message that cannot be intercepted. Security is a practical science. It has to be measured and adjusted, over time.
|