This week's news begs the core question of security--one beyond the reach of the cleverest technique--who do you trust.
Many security engineers may be busy this weekend combing through pages of CIA hacks WikiLeaks is making available to tech companies. It’s a sad reminder of one of the dark sides of living in an age Bill Gates used to call “information at your fingertips.”
On Tuesday, WikiLeaks published portions of what it called the biggest leak of CIA information ever. It said it obtained 8,761 documents and files on vulnerabilities and tools to gain access to Windows PCs, Apple and Android smartphones, Cisco routers, Samsung smart TVs--even cars and trucks.
Initially, it published just enough data to establish what it had obtained without releasing all the code and details needed to use the hacks. Yesterday it said it will provide the details privately to tech companies.
The news raises the core question of security—who do you trust? The government? Tech companies who make the gear you buy? Whistleblowers like WikiLeaks trying to make public as much as they feel makes sense? No one?
In my opinion, all sides are generally trying to do the right thing, and all sides have their share of bad actions and actors.
The industry has made huge strides in security. Back in 2003 I started covering the work of the Trusted Computing Group, which established standards for a hardware-backed root-of-trust now widely used in PCs, smartphones and embedded devices.
I’d like to believe the vast majority of the people who join government do so out of a commitment to serve. But I know power corrupts. For years, people will probably debate whether Edward Snowden is a hero or traitor.
Expect many more battles between government and industry along the lines of last year’s standoff between the FBI and Apple. Indeed, there are probably more of these conflicts aired regularly inside boardrooms than we want to know.
In a blog, security expert Bruce Schneier provided advice on how to keep personal information locked down amid the latest security storms. In his chilling conclusion below, he also reminded readers security is a constant battle of measures and counter-measures that will only get worse as the tech industry drives toward the next level of progress--a world of wearable devices and the Internet of Things.
“When secrecy is truly paramount…pick up the telephone and talk. Meet face to face. We don't yet live in a world where everything is recorded and everything is saved, although that era is coming.”
— Rick Merritt, Silicon Valley Bureau Chief, EE Times