We need to ban the hammer


I’ve been thinking about this for some time now. Hammers are just downright dangerous. Every year untold numbers of thumbs are smashed. According to a published FBI crime report, in the year 2012 there were 518 recorded deaths in the United States that were directly attributed to hammers or clubs. The threat is real. How many people have to die every year before we take the time to ban these tools of death?

You still with me?

Now, ponder the growing dissent towards VPN (virtual private network) use, encryption and the technology in general. Rather than tackle the hard problem there is a growing chorus of voices that are hell bent on getting rid of VPN as it is a “tool of criminals”.

Let that sink in for a moment. We are seeing folks blaming the tools as opposed to digging into the root of the problem. Why? Simply because it is easier this way. Take the example of a senior company official at an unnamed telco who very publicly ranted against the use of VPNs as they were “used by thieves” all the while selling their own…VPN service.

This is a frustrating problem. While I can say that they can have my VPN when they pull it from my dead hands that really doesn’t address the chorus issue. Governments used to use what was once dubbed “Gattaca’s Law” on Wikipedia for all of a day before a very uncool editor took it down. At least the original author sent me a screen capture. This rule is a simple one. “When attempting to increase unwarranted surveillance, a government will invoke child protection as validation of their overreach.” As we flash forward to today we find what I will jokingly refer to as “Gattaca’s Second Law”. That being, “When all else fails, invoke terrorism as the validation of surveillance overreach."

And we see this sort of behaviour every day. Take into account the draft of the new UK surveillance bill. While we see that there are unsavory measures such as insisting that telcos retain one year of a customers browsing information worse still was an attempt to outlaw encryption. This has since been removed from the draft but, the attempt was made. Don’t think for a second that they will not try to roll that out again.

A critical event will serve as a catalyst to make it possible to reintroduce the argument that more surveillance and less access to encryption tools. Now, we have the horrible tragedy in Paris. Certainly politicians wouldn’t be so crass as to trade on this horror to pass new legislation...

From Mail Online:

'Security services have to get permission from the app if they want to access the data, but many of the apps have an obligation where they need to notify the user that a request for communication has been made.

'This gives them a heads up and they can then move to another app. We are two or three steps behind them.'

The real rub here is that the people that legislators want to penalize are using their own “crypto” (I say that in quotes as it is no doubt horribly broken) and will not be subject to the laws proposed. The only people to suffer will be the average citizens. Broken logic processes abound.

Much like VPNs and encryption, we must ban the hammer as it will no doubt lead to someone getting bonked on the noggin. If someone wants to build a house from now on they will have to push the pieces of wood together really hard and hope for the best. 


Copyright © 2015 IDG Communications, Inc.

How to choose a SIEM solution: 11 key features and considerations