Interesting People mailing list archives
Poor phone security can be more dangerous than no security
From: David Farber <dave () farber net>
Date: Sun, 30 Jan 2005 12:57:57 -0500
------ Forwarded Message From: Lauren Weinstein <lauren () vortex com> Date: Sun, 30 Jan 2005 09:19:20 -0800 To: <dave () farber net> Cc: <lauren () vortex com> Subject: Poor phone security can be more dangerous than no security
------ Forwarded Message From: "Simson L. Garfinkel" <simsong () csail mit edu>
...
Right now the choice is using Skype or using the analog phone on their desk. Discussions about theoretical vulnerabilities and bad-seed super-nodes just scare the activists into thinking that this internet security stuff is too complicated, and they're better off just using that analog phone.
It can be argued that a telecom system that you believe to be reasonably secure (but may actually be subject to monitoring exploits) is fundamentally more dangerous to its users than a totally insecure ordinary analog POTS phone environment. The reason is psychological, not technical. If persons are speaking on an ordinary POTS analog line and are concerned about their subject matter being overheard, they tend to be very careful about the topics under discussion, or at least the explictness of their language. On the other hand, if persons believe that the particular VoIP system that they're using provides better security than POTS, they're very likely to be much more open in their communications over that phone system. If it turns out that the supposedly "secure" system really isn't secure, they've gone from the frying pan into the fire, since the care they had been using in their conversations in the analog case is likely to have been abandoned. --Lauren-- Lauren Weinstein lauren () pfir org or lauren () vortex com or lauren () privacyforum org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, Fact Squad - http://www.factsquad.org Co-Founder, URIICA - Union for Representative International Internet Cooperation and Analysis - http://www.uriica.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Poor phone security can be more dangerous than no security David Farber (Jan 30)