The End of Trust ⇥ economist.com

Nick Valery, of the Economist:

So, what can be done to prevent another disaster on the scale of the Snowden fiasco, or the recent theft of 110m customer credit- and debit-card details from Target stores that has affected one in three Americans? Best to start by accepting that there is no such thing as a totally secure computer network; that data theft is always going to happen, whether by malicious outsiders or disgruntled employees. The answer (in so far as there is one) is to make the crime as difficult and time-consuming to perform as possible. For those with the know-how, it is laughably easy at present.

Until the first Snowden documents started to trickle out last year, there was a general assumption that many of the software- and hardware-based components of the security chain were fairly secure. Things like HTTPS and RSA keys were regarded as sacrosanct, while the weakest link in the chain was always understood to be people. Now, everything is assumed to be tampered with or totally insecure.