Ross Anderson at Edge:
"Back in the early 1990s, for example, if you visited the Microsoft campus in Redmond and you pointed out that something people were working on had a flaw or could be done better, they’d say, “No, we’re going to ship it Tuesday and get it right by version three.” ... It was the philosophy. IBM and the other established companies were really down on this. They were saying, “These guys at Microsoft are just a bunch of hackers. They don’t know how to write proper software.”
But Bill had understood that in a world where markets tip because of network effects, it’s absolutely all-important to be first. And that’s why Microsoft software is so insecure, and why everything that prevails in the marketplace starts off by being insecure. People race to get that market position, and in the process they made it really easy for people to write software for their platform. They didn’t let boring things like access controls or proper cryptography get in the way.
Once you have the dominant position, you then put the security on later, but you do it in a way that serves your corporate interests rather than the interests of your customers or your users. You do it in such a way that you lock in your customer base, your user base. …
Twenty years ago, I could find everything about you that was on the World Wide Web, and you could do the same to me, so there was mutuality. Now, if you’re prepared to pay the money and buy into the advertising networks, you can buy all sorts of stuff about my clickstream, and find out where I’ve been staying, and what I’ve been spending my money on, and so on. If you’re within the tent of the intelligence agencies, as Snowden taught us, then there is very much more still. There’s my location history, browsing history, there’s just about everything.
This is the threat. ... Now that Mr. Trump has been elected, it must be clear to all that government having very intrusive powers of surveillance is not something that necessarily sits well with a healthy democratic sustainable society. ...
Within a few years, every car will be updating its software perhaps once a month. … If you’ve got a vulnerability that can be exploited remotely, it can be exploited at scale …
If I can threaten to cause millions of cars in America to turn right and accelerate sharply into the nearest building, causing the biggest gridlock you’ve ever seen in every American city simultaneously, maybe only killing a few hundred or a few thousand people but totally bringing traffic to a standstill in all American cities— isn’t that an interesting weapon worth developing if you’re the Chinese Armed Forces R&D lab? There’s no doubt that such weapons can be developed. …
At present, the debate about access to keys ... has been about whether the FBI or the British Security Service should be able to tap your iPhone … But if the FBI can crash your car? Do you still want to give the FBI a golden backdoor key to all the computers in the world? Even if it’s kept by the NSA, then the next Snowden maybe doesn’t sell the golden key to The Guardian, maybe he sells it to the Russian FSB.
We suddenly get into a very different policy terrain where the debates over who gets access to whom, and when, and how, and why, are suddenly sharp. It’s not just your privacy that’s on the line anymore, it’s your life."