
Liars and Reliarbility

Posted by on November 16, 2016.

It is becoming my wont. Rob Slade is providing an excellent series on the weaknesses of modern infosec journalists. I must riposte. The subject is lies and reliability.

You see, the problem with ‘liar, liar, pants on fire’ is that unless you see it for yourself, you can never be certain whether the pants are on fire or the report is false. Rob points out that bad guys lie. But everybody in business lies — and it’s very difficult to uncover who is lying the most.

You may recall that following the Russian dope scandal and subsequent exclusion of a number of Russian athletes from summer’s Rio Olympics, Russian hacking group Fancy Bear (which may or may not have ties with the Russian government) broke into the World Anti-Doping Agency (WADA) and stole and subsequently published dope test records.

Some time later, WADA published a statement effectively accusing Fancy Bear of manipulating the data before publishing it. “It should also be noted,” said WADA, “that in the course of its investigation, WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS [WADA’s Anti-Doping Administration and Management System] data.”

One of the parties is lying; and almost all journalists (other, perhaps, than some Russian journalists) automatically assume that WADA is telling the truth. But hand on heart – is this absolute knowledge or just assumption?

I said earlier that everyone in business lies. Here’s a statement from the technical director of the UK’s brand new National Cyber Security Centre (NCSC). I’ve quoted it before, here.

The security companies are incentivized to make it [the threat posed by what he calls ‘winged ninja cyber monkeys’] sound as scary as possible because they want you to buy their magic amulets.

For our purposes here, let us accept that he is actually saying, ‘security vendors lie to sell their products’. But, hang on, who is really lying: the security vendors or the government ninja? If he persuades everyone that he wants it to be told as it is, then whatever he says (that is, whatever government says) will be taken at face value as absolute truth.

And the absolute truth, as far as government is concerned, is that the nation is beset on all sides by terrorists, paedophiles, money launderers and gun runners (the four criminals of the apocalypse). That’s why we need new laws such as the Investigatory Powers Act (more generally known as the New Snoopers Charter). Did I mention it was passed by the House of Lords today? No? Well it was, and it’s now downhill all the way to a new 1984 in January.

Ah, but I might be lying. Maybe the IP (soon to be) Act is necessary? Well, this is what Ed Macnair, CEO of CensorNet, said earlier today:

Aside from the arguments around privacy – which are many and valid – it’s also a huge security risk. Can you imagine the damage that could be done to individuals if their private browsing history was made public? That’s not people on ‘dodgy’ sites but individuals with highly personal concerns from sexuality and HIV, to addictions and depression. The Ashley Madison hack if nothing else showed us the devastation that occurs when incredibly personal information is leaked.

Or is he lying? I don’t think so; but most people believe what they are, or have become, predisposed to believe. And that applies to me as much as anyone.


Submitted in: Expert Views, Kevin Townsend's opinions | Tags: