Duane:

On Mon, Apr 10, 2017 at 14:28:10 -0300, Duane Whitty wrote:
> Obviously I'm trying to lighten the mood a little and still explore
> what the possibility is, if any, of protecting data from the prying
> eyes of tier 1 actors who might not think that what you have is
> important enough to kill or injure you for but that they would try
> very hard to get by employing other efforts. I'm not saying having a
> smart card reader and a pin pad here is going to be the magic amulet
> to protect your interests.

It's not that it's impossible to do. But in most cases, because of all of the software, hardware, and wetware used, the attack surface is enormous.

If an organization did all of its sensitive computation in a Faraday cage in an underground bunker under constant surveillance, where any operation on any sensitive data requires N people present through a secret sharing scheme, are you going to be better off? Sure. But still not immune to various types of espionage. And there are limits to what is practical.

But that's different than the security of an individual, which is what we've been talking about. Corporations can afford to build secure rooms; hire ex-government security officials and other security/crypto experts; build their own hardware; etc. But the more people you involve, the more people you have to trust too.

I do not believe that being the target of Mossad or the NSA or GCHQ or other intelligence agency means that a sufficiently well-funded and well-researched corporation is doomed to total compromise. I haven't been given reason to believe that through all the leaks we've seen. These intelligence agencies have immense resources, but certain practices and procedures introduce bottlenecks that increase the cost/risk of an attack possibly to the point that it's not worth carrying out. That's also a driver behind a lot of the legislation/laws we see under the guise of protection against terrorism and "going dark"---if you can't beat 'em, make them let you in.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users