<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>business of security &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/business-of-security/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Sat, 15 Nov 2025 09:49:00 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Book Review: The Business of Secrets</title>
		<link>https://noise.getoto.net/2025/11/13/book-review-the-business-of-secrets/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 13 Nov 2025 12:09:39 +0000</pubDate>
				<category><![CDATA[business of security]]></category>
		<category><![CDATA[Cryptography]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[history of cryptography]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=71134</guid>

					<description><![CDATA[<p><strong><cite>The Business of Secrets: Adventures in Selling Encryption Around the World</cite> by Fred Kinch (May 24, 2024)</strong></p>
<p>From the vantage point of today, it’s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn’t know whether the cryptography they sold was any good. The customers didn’t know whether the crypto they bought was any good. Everyone pretended to know, thought they knew, or knew better than to even try to know.</p>
<p><cite>The Business of Secrets</cite> is the self-published memoirs of Fred Kinch. He was founder and vice president of—mostly sales—at a US cryptographic hardware company called Datotek, from company’s founding in 1969 until 1982. It’s mostly a disjointed collection of stories about the difficulties of selling to governments worldwide, along with descriptions of the highs and (mostly) lows of foreign airlines, foreign hotels, and foreign travel in general. But it’s also about encryption...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Story About Medical Device Security</title>
		<link>https://noise.getoto.net/2025/02/18/story-about-medical-device-security/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 18 Feb 2025 12:06:07 +0000</pubDate>
				<category><![CDATA[business of security]]></category>
		<category><![CDATA[medicine]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69942</guid>

					<description><![CDATA[Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don&#8217;t remember the story at all, or who the company was. But it sounds about right.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Justice Department Indicts Tech CEO for Falsifying Security Certifications</title>
		<link>https://noise.getoto.net/2024/10/18/justice-department-indicts-tech-ceo-for-falsifying-security-certifications/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 18 Oct 2024 13:58:14 +0000</pubDate>
				<category><![CDATA[auditing]]></category>
		<category><![CDATA[business of security]]></category>
		<category><![CDATA[certifications]]></category>
		<category><![CDATA[fraud]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69506</guid>

					<description><![CDATA[The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Texas Sues GM for Collecting Driving Data without Consent</title>
		<link>https://noise.getoto.net/2024/08/14/texas-sues-gm-for-collecting-driving-data-without-consent/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 14 Aug 2024 16:48:46 +0000</pubDate>
				<category><![CDATA[business of security]]></category>
		<category><![CDATA[cars]]></category>
		<category><![CDATA[data collection]]></category>
		<category><![CDATA[deception]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69257</guid>

					<description><![CDATA[<p>Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies:</p>
<p>From <a href="https://www.cnn.com/2024/08/13/business/texas-sues-general-motors-driver-data/index.html">CNN</a>:</p>
<blockquote><p>In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.</p>
<p>General Motors sold this information to several other companies, including to at least two companies for the purpose of generating “Driving Scores” about GM’s customers, the AG alleged. The suit said those two companies then sold these scores to insurance companies...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Amazon Has Trucks Filled with Hard Drives and an Armed Guard</title>
		<link>https://noise.getoto.net/2021/01/04/amazon-has-trucks-filled-with-hard-drives-and-an-armed-guard/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 04 Jan 2021 12:11:20 +0000</pubDate>
				<category><![CDATA[amazon]]></category>
		<category><![CDATA[business of security]]></category>
		<category><![CDATA[databases]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60699</guid>

					<description><![CDATA[<p>From an <a href="https://logicmag.io/commons/inside-the-whale-an-interview-with-an-anonymous-amazonian/">interview</a> with an Amazon Web Services security engineer:</p>
<blockquote><p>So when you use AWS, part of what you&#8217;re paying for is security.</p>
<p>Right; it&#8217;s part of what we sell. Let&#8217;s say a prospective customer comes to AWS. They say, &#8220;I like pay-as-you-go pricing. Tell me more about that.&#8221; We say, &#8220;Okay, here&#8217;s how much you can use at peak capacity. Here are the savings we can see in your case.&#8221;</p>
<p>Then the company says, &#8220;How do I know that I&#8217;m secure on AWS?&#8221; And this is where the heat turns up. This is where we get them. We say, &#8220;Well, let&#8217;s take a look at what you&#8217;re doing right now and see if we can offer a comparable level of security.&#8221; So they tell us about the setup of their data centers...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The Legal Risks of Security Research</title>
		<link>https://noise.getoto.net/2020/10/30/the-legal-risks-of-security-research/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 30 Oct 2020 14:14:26 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[business of security]]></category>
		<category><![CDATA[courts]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60408</guid>

					<description><![CDATA[<p>Sunoo Park and Kendra Albert have published &#8220;<a href="https://clinic.cyber.harvard.edu/files/2020/10/Security_Researchers_Guide-2.pdf">A Researcher&#8217;s Guide to Some Legal Risks of Security Research</a>.&#8221;</p>
<p>From a <a href="https://clinic.cyber.harvard.edu/2020/10/30/cyberlaw-clinic-and-eff-publish-guide-to-legal-risks-of-security-research/">summary</a>:</p>
<blockquote><p>Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions (DMCA &#167;1201), electronic privacy law (ECPA), and cryptography export controls, as well as broader legal areas such as contract and trade secret law.</p>
<p>Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance. Aimed at researchers, the public, and technology lawyers alike, its aims both to provide pragmatic guidance to those navigating today&#8217;s uncertain legal landscape, and to provoke public debate towards future reform...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 34/121 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-08 20:41:08 by W3 Total Cache
-->