Monday, July 10, 2017

Mass Surveillance and Targeted Hacking are the Same Thing

So I recommend you give the Morgan MARQUIS-BOIRE T2 Keynote a watch. It takes him a while to really get started but he gets rolling about 20 minutes in.

I think there is one really good quick note from the talk: Targeted and Mass Surveillance are the same thing. This is annoying, because ideologically the entire community wants to draw lines around one or the other. I.E. Targeted Good, Mass Bad.

But the reason you do targeted is to enable mass, and the reason you do mass is to enable targeted. And both are conjoined with "Software Backdoors implanted in the supply chain" in a way that is inextricable. Those of us in the 90's hacker scene used to say that the best way to crack a password was to just grep through your lists of that person's passwords. I.E We always had a million things hacked that we maintained the way a cartoon rabbit maintains their carrot patch, and that's how we did targeted attacks.

So whatever policy decisions you're going to make have to take this into account, and I think that's where the truly hard part starts.

