Quotes About Security

This is why regulation based on the concept of "personally identifying information" doesn't work. PII is usually defined as a name, unique account number, and so on, and special rules apply to it. But PII is also about the amount of data; the more information someone has about you, even anonymous information, the easier it is for her to identify you.

Post-9/11 surveillance has caused writers to self-censor. They avoid writing about and researching certain subjects; they're careful about communicating with sources, colleagues, or friends abroad.

A 2010 investigation found that 1,931 different corporations are working on intelligence, counterterrorism, or homeland security inside the US.

483,000 government contractors hold top-secret clearances: a third of the 1.4 million people cleared at that level.

Apple has a worldwide database of Wi-Fi passwords, including my home network's, from people backing up their iPhones.

For example, we know that the US government convinced Skype—through bribery, coercion, threat, or legal compulsion—to make changes in how the program operates, to facilitate eavesdropping.

we fear terrorists more than the police, even though in the US you're nine times more likely to be killed by a police officer than by a terrorist.

Already law enforcement agencies make use of predictive analytic tools to identify suspects and direct investigations. It's a short step from there to the world of Big Brother and thoughtcrime.

And before any of that can happen, there must be some major changes in the way society views and values privacy, security, liberty, trust, and a handful of other abstract concepts that are defining this

be killed by a police officer than by a terrorist.

Or we fear terrorists more than the police, even though in the US you're nine times more likely to be killed by a police officer than by a terrorist.

The nature of computerized systems makes it easier for the attacker to find one exploitable vulnerability in a system than for the defender to find and fix all vulnerabilities in the system.

The UK company Cobham sells a system that allows someone to send a "blind" call to a phone—one that doesn't ring, and isn't detectable. The blind call forces the phone to transmit on a certain frequency, allowing the sender to track that phone to within one meter.

But when it comes to governments, unhappy as I am to say it, I would rather be eavesdropped on by the US government than by many other regimes.

Two of the NSA's internal databases, code-named HAPPYFOOT and FASCIA, contain comprehensive location information of devices worldwide. The NSA uses the databases to track people's movements, identify people who associate with people of interest, and target drone strikes.

our personal information is being bought and sold without our knowledge and consent.

Snowden put it like this in an online Q&A in 2013: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

Given current laws, trust is our only option.

But eavesdropping acquired a new, and more intense, life after the terrorist attacks of 9/11. "Never again" was an impossible mandate, of course, but the only way to have any hope of preventing something from happening is to know everything that is happening. That led the NSA to put the entire planet under surveillance.

NSA analyst touches something in the database,

The 2016 Worldwide Threat Assessment describes the threat this way: Future cyber operations will almost certainly

Our privacy is under assault from constant surveillance. Understanding how this occurs is critical to understanding what's at stake.

Because we all use the same products, technologies, protocols, and standards, we either make it easier for everyone to spy on everyone, or harder for anyone to spy on anyone.

Anyone who tries to create his or her own cryptographic primitive is either a genius or a fool. Givent the geius/fool ratio of our species, the odds aren't very good.