= Day 2: SOUPS main track =
== Keynote: Chris Soghoian -- Sharing the blame for the NSA's dragnet surveillance program ==
This talk was about government spying on people/suspects. People don't buy things or generally expect to be "attacked" (I don't buy a laptop based on thinking I'll be raided by the FBI in the future).
''Phones.''
The Supreme Court ruled recently that we have a reasonable expectation of privacy on phones and other digital portable devices.
At the US border, authorities can inspect and image any of your devices (but not make you enter your password).
Mobile developers don't advertise security as a selling point. It's hard to weigh the security benefits of various apps when the devs don't say how they secure things.
Apple ''did'' describe how their security works on iOS; it says that with a PIN, your device is encrypted -- strongly.
Apple and Google also have mechanisms to bypass any encryption with a warrant.
''Desktop.''
Windows limits which consumer versions (Home/Pro/Ultimate) get disk encryption. Windows 8.1 has it for all versions, but in the past the option was not packaged with Home. Apple offers it to all Mac OS X users. Defaults and incentives are not there to benefit the majority of people. This is ''default security for the rich.''
We know how to fix this, but security isn't reaching poorer users.
Tech can protect us when the law can't. So we should have protection tech.
''Mail.''
GPG is not usable. Glenn Greenwald couldn't use it when he needed to protect a source.
Nothing has changed since "Why Johnny Can't Encrypt."
What about email subjects and attachment names? PGP doesn't help obfuscate these.
Existing tools do not suit the needs of non-technical users. The market forces are against default/easy-to-use crypto.
* Data loss concerns
* Business model (data mining companies)
* Government and law enforcement pressure
* Lack of market power in the orgs that want to make change