For the first of this series of blogs, I want to focus on the timely concept of trust.
Timely because I am travelling from the conference Trust in the Digital World, and timely because last week saw the announcement of research that CEOs see cyber security as a third priority, while news broke that some laptop models contained suspicious software that some said was spying on users, and NSA whistleblower Edward Snowden revealed that intelligence agencies targeted the world’s biggest manufacturers of SIM cards.
How much trust do we have in the devices we use every day, which we expect to offer us convenient connections but to which we have to add security functions? How often do we buy a shiny new device, open it and start it without any consideration for how secure it is?
The recent story regarding Superfish showed that there is little trust in a device manufacturer, particularly within areas that a user would assume to be secure.
Now compare that to the case of a mobile phone, where you add apps and probably assume little about the security of those devices. New game that everyone is talking about? Why not have it for free and don’t worry about the consequences!
To use an analogy of a new car – you buy it and are offered extra services and functions to go with it. At what point do you assume that there are security failings in that car? Probably never, unless you fail to do the regular engine checks and check the tyre pressure, but at what point do you assume that the data that the car is distributing is being monitored? Of course it is never, but with a computer we are going to get to the stage where this is the case.
Within the paranoid realms of information security’s finest, there is a natural paranoia about any technology: that it is not to be trusted. Consumers, though, are not going to be protected unless they are warned about the threat.
In a recent conversation, we got on to the crypto wars of the 1990s, when Governments tried to ban the use of technology such as PGP. These days PGP (version one) is in the hands of Intel via its acquisition of McAfee, while the second version led by Phil Dunkelberger is owned by Symantec and is not battled for by Governments. Why? Is it because Governments have admitted that they cannot break it, or because they have broken it and we are none the wiser?
We are not to know, but now security firms are offering strong crypto and it is demanded for compliance with Government contracts. The wars came to an end and the industry saw the benefits.
The revelations of Superfish will change a lot of assumptions about device security and despite assurances from the software producer and Lenovo that it is safe and has been removed, the mud will stick and both companies will struggle to regain trust.
Trust in the Digital World: these days there may be none at all.
This blog originally appeared at – https://www.foursys.co.uk/Pages/Article/can-you-trust-anyone-in-this-digital-world#.VO3-anysUS6