EU's Combat Child Sexual Abuse (CSAR), more commonly known as "chatcontrol"
The proposed new regulation to combat CSAM currently being debated in the EU proves a couple of essential points.
Even though the cause is good, there is no way to give “the good guys” the ability to fight crime by inspecting all citizens' private messaging while still maintaining some form of privacy. The backdoor will be open for all, including criminals and authoritarian leaders. We will end up having the same control regime that we see in countries we do not want to compare ourselves to.
Secondly, you cannot “ban encryption” like the EU is trying to do. Encryption as a concept will always be available to those with resources and motivation to ensure that they keep their communication private. Criminals will always have both the means and motivation; the old saying that if you ban encryption, the only ones left with encryption will be the outlaws is still true today.
This also clearly illustrates the need for more technical literacy among politicians and lawmakers. You cannot create laws and expect the industry to “make it work” or “nerd harder,” as Mike Masnick so aptly calls it in some of his criticisms of laws that do not work with the technology we have available.
Read more on fightchatcontrol.eu
Two similarities between keeping fit and information security
Past performance alone cannot ensure future success, making consistency and improvement of existing resources essential in both fitness and cybersecurity.
We drown in metrics, but what do we do with them?
Despite an abundance of cybersecurity metrics available, organizations struggle to derive actionable insights from them due to complexity and lack of context.