Privacy is a fundamental human need.

Security is a process, not a product.

Chaos is hard to create, even on the Internet.

Metadata equals surveillance; it's that simple.

Amateurs hack systems, professionals hack people.

Surveillance is the business model of the Internet.

Only amateurs attack machines; professionals target people.

The user's going to pick dancing pigs over security every time.

Terrorism is a crime against the mind. We win by refusing fear.

Liberty requires security without intrusion, security plus privacy.

The more technological a society is, the greater the security gap is.

Terrorists can only take my life. Only my government can take my freedom.

It doesn't matter how good the card is if the issuance process is flawed.

There's an entire flight simulator hidden in every copy of Microsoft Excel 97.

Buy American Doesn’t Sell Well Anymore Because It Means Give A Copy To The NSA

Cryptography products may be declared illegal, but the information will never be

Digital files cannot be made uncopyable, any more than water can be made not wet.

Given the credible estimate that we've spent $1 trillion on anti-terrorism security

You can't defend. You can't prevent. The only thing you can do is detect and respond.

Corporate and government surveillance aren't separate; they're an alliance of interests.

Technical problems can be remediated. A dishonest corporate culture is much harder to fix.

No one can duplicate the confidence that RSA offers after 20 years of cryptanalytic review.

We can't keep weapons out of prisons; we can't possibly expect to keep them out of airports.

It is poor civic hygiene to install technologies that could someday facilitate a police state.

Don't make the mistake of thinking you're Facebook's customer, you're not - you're the product.

It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.

Something that looks like a protocol but does not accomplish a task is not a protocol—it’s a waste of time.

If the FBI parks a van bristling with cameras outside your house, you are justified in closing your blinds.

More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.

Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.

Choosing providers is not a choice between surveillance/not; it's just choosing which feudal lord gets to spy on you.

Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.

If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security.

The question to ask when you look at security is not whether this makes us safer, but whether it's worth the trade-off.

People don't understand computers. Computers are magical boxes that do things. People believe what computers tell them.

A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography

I tell people: if it's in the news, don't worry about it, because by definition, news is something that almost never happens.

We no longer know whom to trust. This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix.

It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.

People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.

There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government.

I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'.

If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.

And honestly, if anyone thinks they can get an accurate picture of anyplace on the planet by reading news reports, they're sadly mistaken.

Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.

The fundamental driver in computer security, in all of the computer industry, is economics. That requires a lot of re-education for us security geeks.

This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.

Surveillance of power is one of the most important ways to ensure that power does not abuse its status. But, of course, power does not like to be watched.

If someone steals your password, you can change it. But if someone steals your thumbprint, you can't get a new thumb. The failure modes are very different.

It's frustrating; terrorism is rare and largely ineffectual, yet we regularly magnify the effects of both their successes and failures by terrorizing ourselves.

Share This Page