Shostack + Friends Blog Archive

 

Open Thread

I’d give you a topic, but I’m taking Hilzoy’s advice and going Galt. I’ve taken ads off the blog, given up my lucrative contract for Harry Potter and the Half-Baked Firewall, and so turn this thread over to you with but a single request: civility.

So what’s on your mind?

7 comments on "Open Thread"

  • beri says:

    You’re in the security business. Is it possible for the president (or anyone) to have a REALLY secure Blackberry?

  • mckt says:

    I’ve been picking locks for a while now, but something clicked yesterday in my head and I discovered that I can open every one I try just by slowing down a bit and visualizing.
    This newfound power is a bit intoxicating.

  • Beri asked,

    Is it possible for the president (or anyone) to have a REALLY secure Blackberry?

    The simple answer is “no”, not because Blackberries are inherently insecure, but because everything is. Security is inevitably a matter not of absolutes, of “secure” or “not secure”, but of probabilities. Nothing is REALLY secure.
    There are two real questions. The first is “Is it possible to have a Blackberry that is ‘secure enough’?” and that depends upon what “secure enough” is. “Secure enough” for the president is a really high bar, given the level of threat against him or against things and people that he leverages.
    The second question is “Can that level of security be achieved at a reasonable/justifiable cost?” This is a special case of one of the key questions in engineering. An old-fashioned definition of engineering is “an iterative methodology for deriving cost effective solutions to real world problems”.
    Obama seemed pretty much convinced that being connected to sources of information, advice and fresh ideas and perspectives are essential to the way he works and to his ability to maximize his own success. This was the reason he wasn’t willing to just give up his Blackberry. If he’s right about the importance, then the justifiable cost is pretty high.
    Boiling those two questions down to something answerable, personally, without knowing what gotchas lie hidden in the specific architecture of the Blackberry, I would say that yes, the technology can be made secure enough even for Presidential security needs, given Presidential level resources. Others here may know more than I and contradict that.
    For my money, the real source of security threats in Presidential Blackberry use is not technological. It’s human. If his Blackberry allows him to talk to arbitrarily large groups of people, he will be tempted to make security mistakes, to say things that he shouldn’t to people that he shouldn’t. This is one of the risks of a democracy, we elect people to positions that require immense security, and having a strong grasp of “security thinking” isn’t a job requirement.
    But, in turn, I would argue, the strength of democracy is in the openness, in the ability for the government to benefit from the collective wisdom, knowledge base, and creativity of the whole population. This argues that the value in human terms of the President bursting the bubble around him outweighs both the risks of his doing so and the costs of minimizing those risks.
    One of the great problems of the last administration was the bubble around the President. He came into office knowing or believing that Saddam was a huge threat. The bubble helped him preserve that belief and act on it unaffected by the evidence that bin Ladin was a bigger threat leading up to 9/11 and after it evidence that Saddam was not involved in 9/11, and was a much smaller threat than he believed.
    The web of secrecy and security woven around the President serves to isolate him from both threats and information, from the checks on his power and the balances to it. That has huge impacts on the quality of Presidential risk analysis, and that, not technology, is at the heart of real security.
    Just my 2 bits.

  • beri says:

    Thanks, Jim, for your comments. As a very non-techie person, I was mystified by this obsession of his. And I have a few things I’d like to tell the President….

  • whoisciaradating says:

    According to Bow Wow’s 106 & Park interview, he and Ciara are history and I think [url=http://world66.com/member/whoisciaradating]who is ciara dating[/url] that she may have been the one to end things because he seemed a little bitter about it. I don’t know who she is dating now. That photo of her on Nelly’s bedside on that Over and Over Again video did cause me to think of the possibility of a relationship between Nelly & Ciara but it was after that that she went public with her relationship with Bow Wow. Yesterday on 106 & Park, Lil Fizz (formerly of B2K) hinted that he would be interested in dating Ciara. Rocsi was sure to call him out on that. Ciara is probably weighing her options and playing it cool right now. She may not be dating anyone.

  • GeodeProole says:

    Look at my Site its great see and you will be impressed
    http://www.reseller-heaven.ko.cx

  • cupidpaknaz says:

    Hi dude i am new to this. Just thought that i would say hello to everyone! dont really know
    what else to say. so bye

Comments are closed.