Trust is inherently built over time and we always talk about the term “trusted advisor” - someone or a group of people that offer impartial advice and counsel. Most people have a certain amount of trust in the technology they use to perform the intended purpose. Within information security, Snowden has significantly damaged the trust that people have in governments and technology firms. The latest attempt to force a technology company to “help” law enforcement agencies is another dent in this trust model. As the article points out, automatic updates have gone a long way in providing a good level of general security to a large audience. If this mechanism is not trusted anymore, where does this leave the industry?
There is a significant battle waging against the use of technology innovation for cyber defence and the use of the same technology to “hide” criminal or terrorist activity. As a provider of information security and risk management services, we rely on building trust not only in our services but the technologies we recommend. We have to adhere to the laws that apply within our Global Risk Operation Centres and we will not divulge information without the necessary authorisation. Equally, we continually test and evaluate our technologies and analyse the risks associated with any update. We have to get this balance right and the increase in cyber attacks will continue to put pressure on our trust models.
Not a Slippery Slope, but a Jump off the Cliff By Nicholas Weaver Wednesday, February 17, 2016, 4:51 PM Google+ Reddit LinkedIn When I first read the court order in the San Bernardino case, I thought it was reasonable, as it is both technically plausible and doesn't substantially impact user security for most people. Even if Apple's code escapes it only compromises security for those who have a weak passcode on an older phone which is then captured by an adversary. As backdoors go, its one that I can (*GASP*) actually live with!