zlacker

[return to "A case against security nihilism"]
1. gnfarg+bf[view] [source] 2021-07-20 20:32:51
>>feross+(OP)
"What can we do to make NSO’s life harder?" That seems pretty simple to me: We ask Western democratic governments (which include Israel) to properly regulate the cybersecurity industry.

This is the purpose of governments; it is why we keep them around. There is no really defensible reason why the chemical, biological, radiological and nuclear industries are heavily regulated, but "cyber" isn't.

◧◩
2. tptace+Xf[view] [source] 2021-07-20 20:37:08
>>gnfarg+bf
Nobody has any credible story for how regulations would prevent stuff like this from happening. The problem is simple economics: with the current state of the art in software engineering, there is no way to push the cost of exploits (let alone supporting implant tech) high enough to exceed the petty cash budget of state-level actors.

I think we all understand that the medium-term answer to this is replacing C with memory-safe languages; it turns out, this was the real Y2K problem. But there's no clear way for regulations to address that effectively; assure yourself, the major vendors are all pushing forward with memory safe software.

◧◩◪
3. contra+Yi[view] [source] 2021-07-20 20:51:18
>>tptace+Xf
Well, first of all the NGO group in its current form wouldn't exist if Israel regulated them, at the very least it wouldn't exist as a state-level equivalent actor.

Second of all if you can't push the costs high enough then it becomes time to limit the cash budget of state level actors. Which is hardly without precedent.

For some reason you seem to only be looking at this as a technology problem, while at the core it is far more political. Sure technology might help, but that's the raison d'etre of technology.

◧◩◪◨
4. tptace+cl[view] [source] 2021-07-20 21:02:41
>>contra+Yi
Sure, you can outlaw NSO itself. I won't complain! But all you're doing is smearing the problem over the globe. You can push this kind of work all the way to "universally acknowledged as organized crime", and it'll still happen, exactly the same way, with basically the same actors. You might even increase the incentives by doing it. Policy is complicated.
◧◩◪◨⬒
5. contra+sJ[view] [source] 2021-07-21 00:10:35
>>tptace+cl
Well you can hardly complain it's impossible to make the cost of exploits high enough if you do nothing to restrict their funding. If a country lets them openly conduct business then it's no surprise they're well funded, which wouldn't be a problem if that country kept an eye on them to ensure they're not doing anything harmful, but predictably that didn't work out.
◧◩◪◨⬒⬓
6. tptace+S01[view] [source] 2021-07-21 02:58:24
>>contra+sJ
NSO is just the exploit vendor you hear about. There are lots more.
[go to top]