Wednesday, December 30, 2009

Security by denial

Recently I stumbled upon the following news: "Cellphone Encryption Code Is Divulged". Look at the great authorities' response:

The G.S.M. Association, the industry group based in London that devised the algorithm and represents wireless companies, called Mr. Nohl’s efforts illegal and said they overstated the security threat to wireless calls.

“This is theoretically possible but practically unlikely,” said Claire Cranton, an association spokeswoman. She said no one else had broken the code since its adoption. “What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”

This looks like a classic sample of Security by denial to me. I should feel relieved knowing that this kind of research is illegal in several countries and that we know only one person that managed to break this encryption. Sigh!

A question to the reader: Do you think it is a good practice for some countries to make illegal the efforts to break those kinds of encryption?

I believe this leads to a false sense of security and gives an advantage to those who do not hesitate to break the law over those who do obey it. It also leaves all of us, who use this technology every day, in the dark.
