It is insufficient to protect ourselves with laws

Many years ago, the security researcher Bruce Schneier wrote the following oft-quoted statement:

It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.

Later on, I read that he had changed his opinion somewhat, and it’s true that for the last 5 years or more, Schneier has written far more about the social and political aspects of security than the mathematical and engineering ones.

Today it has been revealed that the US government has been working with vendors of cryptographic software to secretly “break” their software. These errors may go unnoticed by everyone else, but for those in the know, it means that the cryptography can be broken.

These are not mathematical breakthroughs; they are deliberate errors in the implementation which allow the mathematics to be avoided.

In another article published today, Schneier has given a sort of call to arms to engineers, urging them to “take back the internet.” I think that it’s possible that he is considering that old quote and wondering if he wasn’t, perhaps, right the first time.

