Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Poor phone security can be more dangerous than no security

From: David Farber <dave () farber net>
Date: Sun, 30 Jan 2005 12:57:57 -0500

------ Forwarded Message
From: Lauren Weinstein <lauren () vortex com>
Date: Sun, 30 Jan 2005 09:19:20 -0800
To: <dave () farber net>
Cc: <lauren () vortex com>
Subject: Poor phone security can be more dangerous than no security


------ Forwarded Message
From: "Simson L. Garfinkel" <simsong () csail mit edu>

  ...

Right now the choice is using Skype or using the analog phone on their desk.
Discussions about theoretical vulnerabilities and bad-seed super-nodes just
scare the activists into thinking that this internet security stuff is too
complicated, and they're better off just using that analog phone.


It can be argued that a telecom system that you believe to be reasonably
secure (but may actually be subject to monitoring exploits) is
fundamentally more dangerous to its users than a totally insecure
ordinary analog POTS phone environment.

The reason is psychological, not technical.  If persons are speaking
on an ordinary POTS analog line and are concerned about their subject
matter being overheard, they tend to be very careful about the
topics under discussion, or at least the explictness of their
language.

On the other hand, if persons believe that the particular VoIP
system that they're using provides better security than POTS,
they're very likely to be much more open in their communications
over that phone system.  If it turns out that the supposedly "secure"
system really isn't secure, they've gone from the frying pan into
the fire, since the care they had been using in their conversations
in the analog case is likely to have been abandoned.

--Lauren--
Lauren Weinstein
lauren () pfir org or lauren () vortex com or lauren () privacyforum org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
                     Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com

------ End of Forwarded Message


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: