• "Dropping support for a broken crypto primitive is hard in practice
    - but crypto can be broken overnight
    -     what do we do if SHA-1 or RSA falls tomorrow?"

    Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Wegerr, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008
    Read more...

  • “Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice.” … “The major shortfall is absence of assurance or safety mechanisms in software.  If my car crashed as often as my computer does, I’d be dead by now.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008

    Read more...

  • “The time needed to factor an RSA integer is the same order as the time needed to use that same integer as modulus for a single RSA encryption.   In other words, it takes no more time to break RSA on a quantum computer (up to a multiplicative constant) than to use it legitimately on a classical computer.”

    Professor Gilles Brassard,  "Quantum Information Processing: The Good, the Bad and the Ugly", 1997

    Read more...
Home Resources Synaptic publications Input to EC and US funded ICT initiatives pub: Part 6 of Synaptic Labs' input to Think-Trust's D3.1 consultation process
pub: Part 6 of Synaptic Labs' input to Think-Trust's D3.1 consultation process
Tuesday, 26 January 2010 00:00
Authors: Benjamin Gittins, Ron Kelson
Organisation: Synaptic Laboratories Limited
Date: January, 2010
Keywords: Privacy Enhancing Technology (PET), panopticon, accountability, cybersecurity
Electronic Publication: Download as PDF
Abstract:

A) Privacy Enhancing Technologies should be explicitly rejected if they act as a legitimizing facade behind which long-lived privacy invasion and political oppression could be deployed by (present or future) Governments. We recommend that a Global PET solution should be explicitly designed to pro-actively prevent abuse by Governments or Regions; and

B) We recommend that there is a need to explicitly require all stake-holders to be equally accountable in all information processing and security systems.
Quote:

"Synaptic strongly recommends that Privacy Enhancing Technologies should be explicitly rejected by Think-Trust when and if they act as a legitimising facade behind which long-lived privacy invasion and political oppression could be deployed by (present or future) Governments."

"If a Government is permitted the CAPABILITY to employ centralized escrow measures on all security systems in the name of 'accountability' within its jurisdiction, this would fundamentally undermine trust and create the perceptinot the reality of – a panopticon, and open potential for real abuse of the captured and permanently archived data."

"Synaptic asks how can Government controlled pseudo-anonymity protect the civilian from potential abuses within the current, or future Government?"

"If wiretaping and escrow systems are going to be built, then we propose that they must be engineered at the same levels of auditability, robustness and security as National Security Systems and with the same accountability and privacy controls required in Enterprise systems by European Data Privacy Directives."

"It is not sufficient to say, 'Enterprises must behave in this proper way by law', and then not impose functionally equivalent requirements on ALL branches of Government. ... The separation of powers, checks-and-balances and the rule of law should not be an option but a legal requirement in cyber-security systems or electronic law-enforcement activities particularly as it is clearly acknowledged that cyberspace touches every citizen."
See also: Think Trust Public Consultation on Deliverable 3.1
Citation:

Benjamin Gittins, Ronald Kelson, "Part 6 of Synaptic Laboratories Limited's input to ThinkTrust's consultation on their D3.1b Recommendations Report to the European Commission", January 2010
Related work:


Last Updated on Thursday, 01 April 2010 10:44