There are two stories alive in the press at the moment at two very different ends of the security spectrum.
The first is the ongoing debate of the extent to which The Guardian’s leaks of data released by US whistleblower/traitor (delete as per your viewpoint) Edward Snowden have impacted national security. The second is the massive leak of security details in a hack at Adobe.
But which one poses the greater threat to “national security”?
On a conventional analysis of that term, it’s a no-brainer; security services claim that Snowden’s leaks by their nature disclose elements of what the security services are able to know, and therefore limit their ability to use such surveillance again in the future (the bad guys get wise, and stop using communications techniques that would have been seen as safe in the past). Even worse, some security operatives may well now find themselves in danger (although presumably that would be part of the job description).
If we take a broader view of the definition of “national security”, though, it makes me wonder if the Adobe leak (particularly the revelation of millions of unique passwords which, if they’ve been reused in other places by their owners, has potentially horrible consequences) may have a broader impact on security for us all. As I’ve argued many times before, the weakest link in any security is the people involved, and as a result the responsibility of organisations building massive security databases of usernames and passwords extends far beyond their own sites.
There’s lots in the press the moment about how bad many of the common Adobe passwords were (“12345678”, “Password”… that kind of thing), but calling all the users stupid is missing the point that the security of our online lives is very difficult to manage effectively – and even more so when firms with the resources and expertise of Adobe can’t get it right.
Whilst I have no doubt of the negative impact potential of Snowden’s acts, the day-to-day threats involved to all of our security is in the slight chance of catastrophe. Our day-to-day lives are much more likely to be impacted by the sorts of things that Adobe have just experienced.