Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.

People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.

A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography

Corporate and government surveillance aren't separate; they're an alliance of interests.

The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember.

Technical problems can be remediated. A dishonest corporate culture is much harder to fix.

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.