Tag: encryption

Confidence game: Growth mindset for the secret police

Powers that give MI5, MI6 and GCHQ a “dizzying” range of electronic surveillance capabilities will be laid out in the investigatory powers bill next month, in a move that will bolster the confidence of the intelligence agencies but pave the way for a row with privacy campaigners.

According to one headline announcing this report in the Times, the security services will get the “legal right” to hack into people’s computers and other electronic devices. Under must circumstances, “legal right” might be seen as redundant, but not here. They already do these things, they have the power to do these things, but what they lack, apparently, is confidence in their abilities.

Cue the Growth Mindset (TM). I suppose it was only a matter of time before education fads started sloshing over into spying: After all, aren’t GCHQ and the others supposed to be “learning things”? What they need is confidence. The standard critiques apply:

Confidence and motivation are crucial, but confidence without competence is simply hot air.

Honour among spies

I’m genuinely perplexed by pretensions of morality among representatives of espionage agencies. Today various news outlets are reporting that Russia and China have gained access to the Snowden files, and so found details of western agents and methods. Now, a certain skepticism is required: No details are offered, only that “sources” “believe” this to be so. Even if this information has reached Russia and China, the US government has shown itself to be so inept at network security lately that it wouldn’t be hard to imagine that they gained access through a different route.

That doesn’t stop the grandiloquent sermonising. According to the Sunday Times,

One senior Home Office official accused Snowden of having “blood on his hands,” although Downing Street said there was “no evidence of anyone having been harmed”.

Imagine if it were discovered that Edward Snowden were actually Eduard Snowdinsky, a Russian sleeper agent whose parents had been smuggled into the US to raise an agent with US background. Now that he has successfully completed his mission and returned to the motherland, what could American officials (and their running-dog lackeys) say but “Good on you. Impressive operation.” After all, everyone does it, if they can. That’s what they say when they spy on our allies, who (they say) are only putting on a show of saying they feel the Americans betrayed their trust. Or when they spy on their own citizens, who they say are simply naive in not recognising the force majeure. They wouldn’t say he had “blood on his hands”, or any such nonsense smacking of bourgeois morality that they’ve all moved beyond when they saw the higher purpose of spying on the whole world. So, are they just putting on a show?

Perhaps more to the point, should I be more appalled by the actions of a Snowden, who revealed US secrets in an attempt to defend universal principles of democracy and human rights, and the US constitution in particular; or by the actions of the NSA, who were so busy breaking into video-game chats that they couldn’t be bothered to make appropriate efforts to defend the US against having the complete set of US government security clearances hacked? That’s information that definitely puts people at risk of harm.

Is it a coincidence that these stories are coming out at the same time?

Just browsing

Among the first orders of business for the Conservatives, now that they have a majority, is to increase their ability to spy on the general public — for only the most noble of reasons bien sûr:

That law, labelled a snooper’s charter, would have required internet and mobile phone companies to keep records of customers’ browsing activity, social media use, emails, voice calls, online gaming and text messages for a year. 

It occurred to me that a reasonably effective defense against government snooping on your browsing history (and, indeed, Google snooping on your browsing history) might be to have a browser that is constantly active, and searches for random search terms whenever it is not being actively used.

Some ideas:

  1. The random browsing should not be completely arbitrary. It should include sufficient numbers of securityphilic keywords to make it difficult to search through.
  2. You don’t want the real searches to stand out as topically coherent. You’d want the choice of search terms to crawl through topic space.
  3. You might want to embed the real searches in the crawl. Suppose I type “David Cameron smashed restaurant” into my search window, when the browser, on its own initiative, has just searched for “spurious GCHQ bomb plots”. Instead of carrying out my search immediately, it interpolates thematically. Maybe a dozen searches like “spurious David Cameron bomb plots” and “spurious David cameron bomb restaurant”.

Security theatre, WWII and today

Computer security researcher Chris Roberts has been banned from United Airlines for the offense of pointing out that the lax security in their onboard wifi systems could endanger the safety of the aircraft. At the same time, they insisted that

We are confident our flight control systems could not be accessed through techniques [Mr Roberts] described.

The only danger to the flight control systems, it turns out, was the researcher who informed them (via Twitter) of the security flaws.

This reminded me of the story Richard Feynman told about cracking safes for a lark at Los Alamos. One time he decided to needle a colonel he was visiting at Oak Ridge, who had just deposited some highly secret documents extra heavy-duty safe, but with the same easy-to-crack lock on it. He’d figured out that when the safe was left open, it was easy to pick up two of the three numbers of the combination by feel.

“The only reason you think they’re safe in there is because civilians call it a ‘safe’.”

The colonel furiously challenged him to open it up. This Feynman accomplished, in two minutes, though he pretended to need much longer, to distract from what an easy trick it was.) After allowing some moments of astonishment, he decided to be responsible:

“Colonel, let me tell you something about these locks: When the door to the safe or the top drawer of the filing cabinet is left open, it’s very easy for someone to get the combination. That’s what I did while you were reading my report, just to demonstrate the danger. You should insist that everybody keep their filing cabinet drawers locked while they’re working, because when they’re open, they’re very, very vulnerable.”

The next time Feynman visited Oak Ridge, everyone was wanting to keep him out of their offices. It seems, the colonel’s response to the danger was to make everyone change their combinations if Feynman had been in or passed through their office, which was a significant nuisance.

That was his solution: I was the danger.[…] Of course, their filing cabinets were still left open while they were working.

“Networks of choice”

I’ve commented before on the brilliant satirical sketch from the 2008 US election campaign, in which John McCain’s campaign staff discussed an ad accusing Barack Obama of proposing tax breaks for child molesters. “Did he really do that?” asks the candidate. “He proposed tax breaks for all Americans, and some Americans are child molesters” was the answer.

Last year, Home Secretary Theresa May applied this joke structure to the abuse of anti-terror laws to attack press freedom. Now the Guardian reports that the new director of GCHQ Robert Hannigan is keeping up this satiric tradition. He

has used his first public intervention since taking over at the helm of Britain’s surveillance agency to accuse US technology companies of becoming “the command and control networks of choice” for terrorists.

Fortunately, since it’s just the terrorists who prefer using Google and Apple and Facebook and Twitter they’ll be easy for the security services to target. The honest people are presumably all using the upstanding high-quality British online services. Because they have nothing to hide.

What does it mean, by the way, that the Guardian calls this a “public intervention” (rather than a speech, as other political figures are described as delivering)? It sounds ominous.

Default settings, encryption, and privacy

One essay that powerfully shaped my intellect in my impressionable youth was Douglas Hofstadter’s Changes in Default Words and Images, Engendered by Rising Consciousness, that appeared in the November 1982 issue of Scientific American (back when Scientific American was good), and Hofstadter’s associated satire A Person Paper on Purity in Language. Hofstadter’s point is that we are constantly filling in unknown facts about the world with default assumptions that we can’t recognise unless they happen to collide with facts that are discovered later. He illustrates this with the riddle, popular among feminists in the 1970s, that begins with the story of a man driving in a car with his young son. The car runs off the road and hits a tree, and the man is killed instantly. The boy is brought to the hospital, prepped for surgery, and then the surgeon takes one look at him and says “I can’t operate on this boy. He’s my son.” As Hofstadter tells it, when this story was told at a party, people were able to conceive of explanations involving metempsychosis quicker than they could come to the notion that the surgeon was a woman. It’s not that they considered it impossible for a woman to be a surgeon. It’s just that you can’t think of a human being without a sex, so it gets filled in with the default sex “male”. (The joke wouldn’t really work today, I imagine. Not only are there so many women surgeons that it’s hard to have a very strong default assumption, but the boy could have two fathers. On the other hand, a “nurse” has a very strong female default, so much so that a male nurse is frequently called a “male nurse”, to avoid confusion.)

Continue reading “Default settings, encryption, and privacy”