Quotable (#208)

From an engrossing discussion of AI threats by Yampolskiy and ‘Spellchecker’ (?):

An AI researcher studying Malevolent AI is like a medical doctor studying how different diseases are transmitted, how new diseases arise and how they impact the patients organism.

If the diseases concerned could read medical papers, that analogy would be perfect.

Quotable (#189)

Agamben (2006):

Because they require constant reference to a state of exception, measures of security work towards a growing depoliticization of society. In the long run they are irreconcilable with democracy.

(Feature, not bug.)

Also this (previously):

In short, discipline wants to produce order, security wants to regulate disorder. Since measures of security can only function within a context of freedom of traffic, trade, and individual initiative, Foucault can show that the development of security accompanies the ideas of liberalism.

In combination, these two sentences provide almost everything political philosophy needs.

Quotable (#101)

Nuance on encryption from some senior voices in the US security establishment:

We recognize the importance our officials attach to being able to decrypt a coded communication under a warrant or similar legal authority. But the issue that has not been addressed is the competing priorities that support the companies’ resistance to building in a back door or duplicated key for decryption. We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring. […] … Strategically, the interests of U.S. businesses are essential to protecting U.S. national security interests. After all, political power and military power are derived from economic strength. If the United States is to maintain its global role and influence, protecting business interests from massive economic espionage is essential. And that imperative may outweigh the tactical benefit of making encrypted communications more easily accessible to Western authorities.

ADDED: Friedersdorf comments.

Distributed Cyberwar

“In The Art of War, Sun Tzu discusses the economic considerations of war, front and center. The business of cyber-security is also an economic game”, writes Gaurav Banga in a clearly-conceived overview of the contemporary threat landscape. The balance of costs and capabilities is presently skewed against the defender. To turn this around requires, first of all, a coherent strategic grasp of the problem, grounded in economic reality. He suggests:

You cannot afford to keep doing more of what you have done in the past, or more incremental versions of this stuff. You have to look beyond Security 1.0. In order to level the playing field, organizations must invest in a strategy that will directly impact the economic costs to malicious actors.

Close your eyes and visualize a heat map of risk for your enterprise. In this picture, every one of your endpoints, enterprise owned or employee owned, client or server, on-premise or cloud hosted, is a little red dot. The size and color intensity of the dot is proportional to the amount of information on the endpoint, and the nature and frequency of Internet interactions that each endpoint has. This is the battlefield!

You are looking for products that reduce your exposure. Your investments must protect your information from unknown Internet programs that run on your endpoints, while still supporting such programs seamlessly. This isolation technology must be simple and robust, like disposable gloves in a hospital. It must be designed such that it costs the adversary significant time and money to try to break through. Ideally, you must also be able to fool the adversary into thinking that they have succeeded, while gathering intelligence about the nature of the attack.

(Related.)

The emerging IoT also has people worried.