Hi Phill, On 28/08/13 21:31 PM, Phill wrote:
And for a company it is almost certain that 'secure against intercept by any government other than the US' is an acceptable solution.
I think that was acceptable in general up until recently. But, I believe the threat scenario has changed, and for the worse.
The firewall between national intelligence and all-of-government has been breached. It is way beyond leaks, it is now a documented firehose with pipelines so well laid that the downstream departments have promulgated their deception plans.
And, they told us so. In the comments made by the NSA, they have very clearly stated that if there is evidence of a crime, they will keep the data. The statement they made is a seismic shift; the NSA is now a domestic & criminal intelligence agency. I suspect the penny has not dropped on this shift as yet, but they have said it is so.
In threat & risk terms, it is now reasonable to consider that the USA government will provide national intelligence to back up a criminal investigation against a large company. And, it is not unreasonable to assume that they will launch a criminal investigation in order to force some other result, nor is it unreasonable for a competitor to USA commercial interests to be facing a USA supplier backed by leaks.
E.g., Airbus or Huawei or Samsung ... Or any company that is engaged in a lawsuit against the US government. Or any wall street bank being investigated by the DoJ for mortgage fraud, or any international bank with ops in the USA. Or any company in Iran, Iraq, Syria, Afghanistan, Pakistan, India, Palestine, .... or gambling companies in the Caribbean, Gibraltar, Australia, Britain. Or any arms deal or energy deal.
(Yes, that makes the task harder.) iang _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
