"Earlier this year, German politician Patrick Sensburg announced that Germany’s government officials might start using typewriters, as they are seen as being an “unhackable” technology."
Typewriters are subject to attack, but it's a much more laborious and non-scalable process. It requires social engineering, infiltration, or else planting bugs, intercepting shipments, etc. It can be done, and certainly was done, back in the age of typewriters. But it requires some old-fashioned, boots-on-the-ground fieldwork. It's a lot tougher to place bugs in embassies today than it was in the 1970s. And in some respects, it's logistically tougher than hacking into computers, which can be done from any location on Earth. (Which is not to say that computer hacking doesn't benefit from social engineering strategies, of course).
"Unhackable" is a poor choice of words -- more like "practically speaking, tougher to hack." This is a speed bump, not a roadblock.
Of course, if the US were to adopt this sort of strategy, we'd have to make sure we're manufacturing the typewriters domestically. Which probably means setting up a puppet company somewhere in the States, purely for the sake of making typewriters for government contracts. And then you'd have to make sure that company isn't socially engineered, infiltrated, or hacked. And so on, and so forth.
> Typewriters are subject to attack, but it's a much more laborious and non-scalable process.
I definitely subscribe to the idea that security is not about making unauthorized access impossible (no such thing), but rather about making it prohibitively expensive (both in terms of resources and risk).
In that light, it should surprise no one that government agencies have always had the ability to spy on citizens when sufficiently motivated. What is truly concerning is that per-capita, it is becoming more and more affordable for agencies to spy on every single person everywhere, all the time.
"I definitely subscribe to the idea that security is not about making unauthorized access impossible (no such thing), but rather about making it prohibitively expensive (both in terms of resources and risk)."
Exactly. There is no such thing as a foolproof security strategy. Anyone who tells you his plan is foolproof has already proven himself a fool.
Security is about protection, mitigation, and contingencies. It is not about full-stop prevention. Build a 100-foot wall, and I'll build a 101-foot ladder. (Proverbially speaking, of course).
"What is truly concerning is that per-capita, it is becoming more and more affordable for agencies to spy on every single person everywhere, all the time."
This is probably 50% of what concerns me. The other 50% is the coming revolution in analysis. I use that word so strongly as to place it in <em>sterisks. Advances in machine learning will allow us to find needles in the mountains and mountains of haystacks that we're collecting now. It is truly marvelous (and also scary, depending upon your point of view) to consider what one could make of the most seemingly mundane of patterns and breadcrumbs.
Very good point. Though I am writing from the assumption that any organization sufficiently paranoid/sensitive enough to revert to the inconvenience of typewriters is also sensible enough to keep them in secure, externally-controlled locations, with sufficient air gaps, both electronically and accoustically. Basically, a "stone age saferoom." :)
I've been going back to cash instead of using credit cards because I've been exposed twice now via Target and Home Depot. I want to even avoid using ATMs and go into the bank to get cash because you can't really even tell when an ATM has a malicious card scanner installed.
Once we have automated cars maybe we'll go be back to walking and riding bikes to avoid being victimized by remote car jacking.
Imagine the mess hijacked delivery drones might cause.
Your phone can be cloned remotely. You can't easily clone a rotary phone that plugs into the wall.
I'm definitely not looking to automate my home, especially after reading how Chinese hacker had installed back doors on wall mounted AC devices or whatever which had access to the internal network at the New York Times building to keep infiltrating and reinfecting all the machines on the network.
Maybe we jumped into the digital world a little bit too quickly.
Serious question - why do you very concerned if your credit card number is stolen? By law, credit cards have > 30 days (I forget the exact amount) of fraud protection as long as you report it. The only downside I can see is the pain of getting a new card. Your money really isn't at risk.
That said, I do agree that security is becoming a major issue in our world.
Yeah there are laws, but you have to catch it, and you have to report it and sometimes you don't realize you've been defrauded until months later. Hackers in my experience don't empty your account out, they charge $30 here, $19.99 here, sign up for this thing for a monthly charge of $9 you didn't realize. My time and stress costs me. And you can lose money.
It's best to just not have to deal with it. My credit card number has been put up for sale twice now, twice. Because I used it at a Target and a Home Depot. Ok, I just don't want to go through that again. I don't care if there are laws, if I use cash, I'll be fine. It's no problem, cash is accepted everywhere. I'm not likely to be mugged where I live and I don't carry a lot of money.
The aggregate pain and aggregate loss of using cash for transactions in a credit-card dominated world is much larger than the concentrated pain of replacing a credit card once a year. I make significantly more than $30 here and $20 there on rewards - on the order of $500+/year
Sign up for Mint, and quickly scan all of your transactions on a monthly or bi-monthly basis. It's a good idea anyway, so that you can easily account and keep track of how well you're doing at saving.
> The aggregate pain and aggregate loss of using cash for transactions in a credit-card dominated world is much larger
I have not found this to be the case.
> Sign up for Mint
I don't intend to increase the available surface area for attacks by giving my credit information to a third party. Nor do I need this kind of a monthly or bi-monthly hassle.
Eh, I don't view it as a hassle - I view it as a progress check. My savings is important to my future, and checking the budgets, etc. helps keep me on track.
Point taken on the attack surface area, that's definitely something I've always been worried about, and I have no counter.
It's a nightmare sometimes to cancel credit cards, especially if you're travelling.
There are some banks that simply won't cancel the card until you visit your local branch. A tricky maneuver when it's 2000 miles away (I don't know if they've changed this now). Likewise, there are things that are hard to find if you use your cards a lot and don't keep detailed receipts on everything you buy. This happened to me when I discovered someone's been deducting a small sum from my card for several months without me noticing as I was overseas. Of course they could only take care of the last charge before cancelling my card.
I have never heard of a credit card that couldn't be cancelled immediately by calling the number on the back of it. That's the whole point -- when a card is stolen, it has to be deactivated on the spot.
What bank would ever require a visit in person to deactivate your current card? That would be insane, since the bank would simply be opening itself up to more losses, since it (and not you) are responsible for fraudulent expenses.
It was actually a credit union. And yes it is crazy, but then so are a lot of their other practices. Also, I was calling them internationally so even though the private questions they asked me verified my identity, it was still an arduous process. The number of times I called to finally get the card cancelled actually made my long distance charges greater than the stolen value ($25).
(Nonmechanical) computer keyboards, relatively quiet in the world of text input technology, have been found to be extremely vulnerable to acoustic attack:
If your using a mechanical typewriter, your likely not in a public (and/or pre-deterined place). This forces an attacker into a cumbersome, intrusive, and maybe-evidence-left-behind espionage scenario (B&E). That in and of itself is quite useful.
you'd have to have either a permanent installation or exquisite timing. again, the greatly narrows down attack surface. you might be able to surveil small lots of targets this way, but it would be harder than you think. Again, if your a stuxtnet-level target, you're not going to be safe...but that's not really most people...is it?
Your normal-ish executive will have the ability to work in places without LOS from non-credentialed personell (eg, high rise apartment, gated community, interior conference rooms, etc). The NSA or MI6 could of course rent the flat across the street, or have a sub-contractor con his way into employment, but this type of stuff is outside the remit of your basic opportunistic threat. And it leaves evidence and paper trails unless you are the mossad or cia whomever and can fake identities like passports, bank accounts, etc.
Even for mechanical ones, isn't it possible to read off the ribbons to see what someone has typed? Granted, there are no spaces but we can still get the gist I imagine.
Yeah, about that...
http://legalinsurrection.com/2014/07/using-old-school-typewr...
http://www.magicmargin.net/2012/12/silencing-chatty-selectri...
Unless they're going back to mechanical ones.