“Joe’s Security Axioms” first appeared in the post, “EFF on Apple’s Latest Shenanigans” here on 6 August 2021. I figured they deserve a page of their own to update as we go along. Feel free to suggest additions of your own!
Joe’s Security Axioms, Abridged & Subject to Change
- Amorality: Technical capabilities are not bound by ethics, policy, terms of service, end user agreements, or marketing. Neither are the ethics, policy, terms of service, end user agreements, or marketing for that matter.
- Precedent: Once in place, technical capabilities are not removed. If anything, they are expanded and duplicated.
- Exploitability: If a technical capability can be exploited, it will be — and probably not as you imagined.
- Client-Side: It doesn’t matter if you use end-to-end encryption if your endpoint is compromised.
- Server-Side: Data held by a third party will inevitably be mined, compromised, and exploited.
- Identity: If an entity controls two digital identities and wishes to prove it, that is doable. Proving one entity controls two digital identities without cooperation? Or proving that one digital identity is controlled by only one individual? That’s another story…
- Double-Speak: If you listen carefully, you can hear the Truth: “We didn’t collect your data; you did, and your devices held it until we needed it. We didn’t target you without probable cause; Our Algorithm indicated suspicious activity on your device, so a case was made, the warrants were issued, and then we began to look a little deeper into all of your data on all of your devices and services.”
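
The Identity axiom's first claim can be shown concretely. This is an added example, not part of the original post: it assumes a digital identity is an Ed25519 key pair, and every function name and handle in it is hypothetical. A verifier issues a nonce, both keys sign one statement naming both public keys, and the check fails as soon as one private key is unavailable.

```javascript
// Added illustration of the Identity axiom; all names and handles are hypothetical.
const crypto = require('node:crypto');

// Assumption: a "digital identity" is an Ed25519 key pair with a handle.
function newIdentity(handle) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pub = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  return { handle, pub, privateKey };
}

// Canonical statement: keys sorted so both sides build identical bytes;
// the nonce is chosen by the verifier so an old proof cannot be replayed.
function linkStatement(pubA, pubB, nonce) {
  const [first, second] = [pubA, pubB].sort();
  return Buffer.from(JSON.stringify({ purpose: 'same-controller', first, second, nonce }));
}

// Cooperative step: the statement is signed with BOTH private keys.
function proveLink(idA, idB, nonce) {
  const msg = linkStatement(idA.pub, idB.pub, nonce);
  const sigWith = (id) => crypto.sign(null, msg, id.privateKey).toString('base64');
  return { pubA: idA.pub, pubB: idB.pub, nonce, sigA: sigWith(idA), sigB: sigWith(idB) };
}

function verifyLink(proof, expectedNonce) {
  if (proof.nonce !== expectedNonce) return false;
  const msg = linkStatement(proof.pubA, proof.pubB, proof.nonce);
  const check = (pub, sig) => {
    try {
      const key = crypto.createPublicKey({ key: Buffer.from(pub, 'base64'), format: 'der', type: 'spki' });
      return crypto.verify(null, msg, key, Buffer.from(sig, 'base64'));
    } catch {
      return false; // malformed key or signature
    }
  };
  return check(proof.pubA, proof.sigA) && check(proof.pubB, proof.sigB);
}

function demo() {
  const primary = newIdentity('primary@example.test'), alt = newIdentity('anon-4721');
  const bystander = newIdentity('someone-else');
  const nonce = crypto.randomBytes(16).toString('hex');
  const cooperative = verifyLink(proveLink(primary, alt, nonce), nonce);
  // No cooperation: only primary's private key is available for the second signature.
  const pretend = { pub: bystander.pub, privateKey: primary.privateKey };
  const uncooperative = verifyLink(proveLink(primary, pretend, nonce), nonce);
  // A passing proof shows both keys signed, not that one person holds them:
  // two people cooperating would produce exactly the same result.
  return { cooperative, uncooperative };
}
```

The closing comment in `demo` is the rest of the axiom: nothing in a valid proof distinguishes one controller from two cooperating ones.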