[IP] Poor phone security can be more dangerous than no security

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] Poor phone security can be more dangerous than no security
From: David Farber <dave@xxxxxxxxxx>
Date: Sun, 30 Jan 2005 12:57:57 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx
User-agent: Microsoft-Entourage/11.1.0.040913

------ Forwarded Message
From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: Sun, 30 Jan 2005 09:19:20 -0800
To: <dave@xxxxxxxxxx>
Cc: <lauren@xxxxxxxxxx>
Subject: Poor phone security can be more dangerous than no security

> ------ Forwarded Message
> From: "Simson L. Garfinkel" <simsong@xxxxxxxxxxxxx>
  ...
> Right now the choice is using Skype or using the analog phone on their desk.
> Discussions about theoretical vulnerabilities and bad-seed super-nodes just
> scare the activists into thinking that this internet security stuff is too
> complicated, and they're better off just using that analog phone.

It can be argued that a telecom system that you believe to be reasonably
secure (but may actually be subject to monitoring exploits) is
fundamentally more dangerous to its users than a totally insecure
ordinary analog POTS phone environment.

The reason is psychological, not technical.  If persons are speaking
on an ordinary POTS analog line and are concerned about their subject
matter being overheard, they tend to be very careful about the
topics under discussion, or at least the explictness of their
language.

On the other hand, if persons believe that the particular VoIP
system that they're using provides better security than POTS,
they're very likely to be much more open in their communications
over that phone system.  If it turns out that the supposedly "secure"
system really isn't secure, they've gone from the frying pan into
the fire, since the care they had been using in their conversations
in the analog case is likely to have been abandoned.

--Lauren--
Lauren Weinstein
lauren@xxxxxxxx or lauren@xxxxxxxxxx or lauren@xxxxxxxxxxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
                     Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com

------ End of Forwarded Message

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on Simson Garfinkel analyses Skype - Open Society Institute
Next by Date: [IP] Steal This Show
Previous by thread: [IP] more on Simson Garfinkel analyses Skype - Open Society Institute -- interesting set of comments djf
Next by thread: [IP] Steal This Show
Index(es):
- Date
- Thread