Here are some quotes from Bruce "Secrets and Lies" Schneier, who is probably the best-known expert in security in the online world.
I pass them along as food for thought: I transcribed his remarks from an online recording, so any mistakes are my fault.
Bill (Remove QRM from my address to write to me directly)
- - - - - - - - - - -
Quotes from Bruce Schneier's talk about the NSA -
"Our goal should be to leverage the economics, the physics, the math - make eavesdropping more expensive. We're never going to eliminate targeted selection. We don't know enough to make computers secure from a targeted attack - but we can build protocols that are secure against bulk collection.
Usable security is hard - the lesson of twenty years of PGP "One Click Encryption" is that one click is too much, but we have counteracting lessons from something like OTR - a really easy to use, powerful chat encryption program. Or, full disk encryption - very easy to use, no latency, we don't even notice it.
Right, so more endpoint security, more cloud encryption, especially on phones, better anonymity tools, better integrated anonymity tools, more open standards, more open source - this stuff is harder to subvert; not impossible, but harder.
Target dispersal: I think we were way more secure when there were 100,000 ISPs than when there are 100, simply because there are more targets.
We need the ability to test whether a program does what we think it does, and nothing else.
There's a lot we can do technically, but largely I think this is a political problem, and it's a difficult political problem. We are now past the point where simple legal interventions can help. If you look at some of the things the President is proposing, they focus on particular collection programs; particular authorities. It's too late for that: the systems are way too robust, but we sort of know what the political solution kind of looks like: transparency, oversight, accountability. This is fundamentally how we secure ourselves when we have to give institutions power over us. The problem is that laws have lagged technology."
Quoted from a talk about the NSA, given by Bruce Schneier at M.I.T.