Red Notice Blizzard Warning: Secure Communications & Wilful Ignorance
Date: 1 Nov 2018 | Category: LinkedIn | Author: Graham Penrose
The supply of non dual-use publicly available tech to a citizen is perfectly fine. The supply of the tech, both hardware and software, in a self-service e-commerce environment wrapped in AML / KYC compliant registration procedures makes abundant sense. It gives those providers with good product and good value pricing access to the increasing number of private citizens who worry about their privacy.
Developing Demand from Proactive Paranoia
The secure comms providers' best business development tool is the media and its wall-to-wall coverage of:
- The increasingly alarming rise in and nature of claims made by whistleblowers;
- Deep state intelligence agency antics;
- The dangers of Facebook & Google and their inability to control their impulse to break the trust of their users and slice and dice their behaviour data for sinister usage;
- Increasing numbers of populist leaders globally with questionable agendas or in some cases questionable sanity and who have access to mass surveillance programs; and
- The general socmed giants and government privacy abuses which when exposed result in little or no sanction.
There is almost a perfect storm of “proactive paranoia” driving demand.
Pitching the obvious benefits of protecting your privacy to a private citizen, a C-suite exec, a private contractor in a high risk area, a journalist, or an activist is a no-brainer to attract the ready-made customer base to your product.
Pointing out in the process the flexibility, cost effectiveness, and reliability of your configuration and pick and mix offering depending on your perceived risk profile is the closer.
However, sitting in front of a known criminal or extremist and explaining risk mitigation benefits in terms of a reduction in the number of intercepted shipments of dummy dust or the reduced number of your freedom fighters incarcerated is not wise if your best defence is that encryption is a human right.
Less blaringly silly but still a cul-de-sac strategy is sitting in an office and allowing unidentified individuals help themselves to your tech via a website without having a credible AML / KYC process in place.
The returns are huge but you will be hard pressed to use them to make your concrete mattress more comfortable as you do time for joint enterprise or the offence of criminal organisation (the tests for guilt in that offence are not complex). Ask the gents from Phantom Secure.
For example, if JQ1 asks me for JQ2’s home address, and I know that JQ1 in all likelihood will pass that info to JQ3, who bears a grudge against JQ2, and an offence is subsequently committed by JQ3 against JQ2, then I am as culpable as JQ3 in the eyes of the law.
Same applies for the general application of the tech to assist in the risk mitigation strategy of fringe elements. For now outfits like Phantom Secure who blatantly sought out international cartel operators as customers are the focus. In the near future that will trickle down to the providers who just don’t check all the compliance boxes.
In the absence of public licensing or registration of providers, legislation governing classification of encryption as dual-use or restricted tech, or specific statutes, if as an industry we want to avoid these measures – which one can almost be certain will be draconian – then secure comms providers need to demonstrate responsibility, self-regulate, and subscribe to an industry code of conduct.
Ignorance of the law is not a defence under the law.
Watch out mates, it’s in the post. Make sure you do not fall victim to the appeal of allegedly “easy money” and a naive defence.
Cos just when you think that you are a clever bugger ….