Secure email may give us insecure computers

October 31, 2013

Lavabit and Silent Circle have joined forces in the Dark Mail Alliance. The intent is to develop open source secure email available to everyone – and given the pedigree within the two companies, they may just achieve it. My story on the Alliance is here on Infosecurity Magazine.

The danger is that in solving one problem the Dark Mail Alliance may leave us with a worse one. If they succeed in securing communications against the likes of GCHQ and the NSA, are we to believe that the spies will say, ‘Oh, well done; we might as well give up on spying and go home’?

That’s a rhetorical question, because of course they won’t. The intelligence agencies may lose battles, but they never concede wars. We should have learnt that when we thought we had won the First Crypto Wars. We hadn’t. They withdrew, regrouped, and launched a more stealthy attack, which Snowden has demonstrated they have been winning hands down.

The same thing will happen again. If they cannot get at our communications, they will withdraw and try something different. And here’s the danger. If they cannot attack our communications, they will attack our computers.

One route, and one great danger, already exists: the Trusted Computing Platform. Under the guise of providing us with secure computers, governments, agencies and big business suppliers will con the public into using computers secure against all malware except government malware – which we will know nothing about.

So expect this: if the Dark Mail Alliance succeeds, there will be greater emphasis and publicity in getting us to accept the false precepts of the Trusted Computing Platform. We must not.

