The various branches of the establishment are frequently criticized for not understanding, or even caring about, the critically important fields of privacy and security. In just one image, the New York Post shows just how bad the situation is with this ignorance.
When I was in the European Parliament, I was frequently shocked at how badly decision-makers and policymakers understood the crucial issues of the 21st century: information, security, privacy (which in turn lead to innovation and growth). Rather, Members of the European Parliament would have e-mails printed for them by their secretaries and put in a pile on their desks, and they would therefore believe that they understood what the Internet was about.
Some decade ago, there was something akin to a riot on the Internet as the copyright industry tried to suppress the key “09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0” from being discussed: this was a cryptographic key for access and playback control of Hollywood DVDs. Everybody who is familiar with the Internet understands the concept of publishing a key. It cannot be undone, and once you publish its secret, you’ve opened Pandora’s box.
A cryptographic key is usually published like above, in a sequence of hexadecimal digits, since that’s the secret of the key. This makes it different from a physical key, where the physical shape of the key is the crucial secret.
Now consider this story by the New York Post, which cries out in terror that a master key to the New York City utilities has leaked. Consider that this story has passed by many people on its way to publishing, all part of the narrative-creating establishment, and consider what their understanding of the most fundamental security must look like.
Yes, that’s the key being discussed right there, the “1620” key. The New York Post is crying out in terror that this master key is on the loose, and goes on to publish the full secret of the key, in gigantic format. From this point, anybody can trivially reproduce this key.
It’s reasonable to ask at what point an ignorance of security to this unbelievable level becomes criminal negligence.
The ignorance is not unlike the fiasco with Diebold voting machines, also about a decade ago. The voting machines were supposedly secure; they needed a key to access the memory card slots. Spare keys were for sale on the Diebold website, and were only sold to certified voting officials. But like any webshop, there were high-resolution photos of the keys to the voting machines right on that webshop, and those images could be (and were) used to create keys that could access the voting records.
Security, too, is starting to become your own responsibility.
(hat tip: @gsuberland)